    Archive for June, 2010




    Adobe released some major security updates for its products, particularly Adobe Reader and Acrobat, on all platforms (Win, Mac OS, Linux) and we strongly encourage our readers to install these updates. For details, the Adobe blog is worth reading as well.

    This update follows a recent zero-day attack that we reported earlier this month.

    Adobe PDF has been a major target for malware writers in recent months, so we are very pleased to see this response from Adobe. We strongly advise users to install these updates as soon as possible.

    Update as of July 3, 2010, 10:27 a.m. (UTC)

    The recent Adobe patch included a fix for the oft-abused /launch vulnerability, which, when successfully exploited, allows files embedded in .PDF files to be dropped and executed on the system. The feature has now been modified rather than removed: Adobe has chosen to implement a black list that prevents .EXE files from being launched by default. (System administrators can choose to re-enable this if they want to.) Details of the fix can be found here.

    However, reports indicate that the current fix does not completely solve the problem, as proof-of-concept (PoC) code bypassing Adobe’s solution has been released. Adobe has acknowledged this but believes that the current solution still reduces the risk of attack.
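    As an added example (not code from the original post or from Adobe): a small Python scan that flags any /Launch action in a PDF regardless of the target's extension, since the post notes that the default black list covers only .EXE and has already been bypassed. The PDF byte strings below are constructed here for illustration, with placeholder file names.

```python
import re

# Constructed sample documents (not files from the post). Target names are placeholders.
LAUNCH_PDF = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
              b"3 0 obj << /Type /Action /S /L#61unch /F (PLACEHOLDER.exe) >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")
CLEAN_PDF = (b"%PDF-1.4\n"
             b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
             b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
             b"trailer << /Root 1 0 R >>\n%%EOF\n")

NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A non-nested dictionary whose action subtype is Launch (nested dicts are not handled).
LAUNCH_DICT = re.compile(rb"<<(?:(?!>>).)*?/S\s*/Launch\b(?:(?!>>).)*?>>", re.S)
# Only the literal-string form of the /F entry is parsed here.
FILE_SPEC = re.compile(rb"/F\s*\(([^)]*)\)")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes in PDF names so that /L#61unch reads as /Launch."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def find_launch_actions(pdf: bytes) -> list:
    """Return one record per Launch action: its target and whether the
    default .EXE black list described in the post would block it."""
    findings = []
    for match in LAUNCH_DICT.finditer(normalize_names(pdf)):
        spec = FILE_SPEC.search(match.group(0))
        target = spec.group(1).decode("latin-1") if spec else ""
        findings.append({
            "target": target,
            "blocked_by_exe_blacklist": target.lower().endswith(".exe"),
        })
    return findings


def should_quarantine(pdf: bytes) -> bool:
    """Policy: any Launch action is grounds for quarantine, black list or not."""
    return bool(find_launch_actions(pdf))
```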




    New versions of mobile OSs like Apple’s iOS and Google’s Android may be in the news of late, but for all the publicity both received, older Symbian OSs still made up around half of all smartphones sold in 2009. Advanced threats researcher Paul Ferguson came across a new suspicious application running on the S60 platform.

    Calling itself ZvirOK, the application has one primary payload—to send a text message to the number 7250 with the text mumym xxx joker90. The intent behind this is unclear; it could perhaps be related to the premium-rate services frequently provided by mobile operators, which would cost the user money, particularly if the fees are high. Beyond that, however, no one can really say for sure.

    Trend Micro products detect this malicious application as SYMBOS_FLOCK.I. The Python script responsible for sending the text message is detected as TROJ_FLOCK.I.




    Twitter is becoming a common medium for spreading spam, malware, and all kinds of badness. Just a few weeks ago, we wrote about FIFA and the Gaza attacks being used as social engineering leverage by Trojan creators, and there are no signs of them stopping anytime soon.

    Over the past two weeks, several Twitter accounts were created for the sole purpose of Tweeting Poison Ivy or Bifrost download links. Both Poison Ivy and Bifrost are backdoors, malicious programs that allow an unauthorized user access to an infected machine. Interestingly, these backdoor programs are uploaded to either freewebtown.com or leadhoster.com, both of which are free Web hosting sites.


    For some of our readers, these things aren’t new, but what caught my eye were these Tweets written in Arabic:


    Cybercrime groups, it seems, are broadening the scope of their social engineering by employing localization techniques. Quite clever, huh?

    Lastly, these rogue Twitter accounts have few or no followers and follow few or no accounts themselves, which means the only way for potential victims to see the backdoor URL is to run a Twitter search with the appropriate keywords. Hmmm… blackhat SEO, Twitter style, anyone?




    Social media has affected business organizations in many different ways over the years, and these effects have produced a rather complicated relationship between the two.

    Social media has proven to be an effective marketing tool for businesses. Data collected last year from Fortune’s Global 100 revealed that more than 50 percent of those companies have Twitter, Facebook, and YouTube accounts. On the other hand, social media tools such as social networks have been reported to affect office productivity and also serve as popular media for online threats.

    In the same way that businesses use social media, cybercriminals do as well. Just recently, we saw an advertisement for fake point-of-sale (POS) devices in an underground forum where the seller offered a fake POS device for 1,000 EUR.

    This time, we found an advertisement for a malicious tool, in a more “mainstream” channel.


    The YouTube video we found is actually an advertisement for a distributed denial-of-service (DDoS) tool. A screenshot of the tool is shown in the video, while its features and other details, such as the price and the URL where the tool can be purchased, are listed in the video description. (It has since been taken down by YouTube.)

    Notably, the video had more than 600 views. Though the number is relatively small, one can’t help but wonder how many of those viewers were enticed enough to visit the given site and to purchase the tool. After all, it’s only US$15.

    This post is just one of many malware ads on social networks. If anything, the above-mentioned advertisement only goes to show that cybercriminals are using social networks the same way legitimate businesses do to gain “customers,” even if the customers in question are other cybercriminals.

    For best practices to follow in managing a social network account, you can check our white paper, “Security Guide to Social Networks.”




    We recently saw some articles on the Web claiming that Slim Shady, a.k.a. Eminem, died in a car crash. Today, we received a spammed message that still presents the rumor as true. The email pretends to be from CBS News and informs the recipient of Eminem’s alleged car crash. It also asks whether the user wants to see more information about it, and provides a link that supposedly leads to a video. Instead of a video, however, the link redirects to a site that downloads an executable file.

    Below are screenshots related to this attack.


    The .EXE file, of course, turns out to be malicious. It is another member of the infamous and persistent ZBOT family of infostealers and is detected as TROJ_ZBOT.HBI. The activities of ZBOT malware and the related ZeuS botnet were discussed in a Trend Micro white paper earlier this year. This is not the first time spam has been used to spread ZBOT either: in March this year, two spam campaigns did so. The first used fake notices from the Internal Revenue Service (IRS), while the second used allegedly posted photos.

    Trend Micro product users are already protected from this threat via the Smart Protection Network, which blocks the spammed message, the download URL, and the malicious file.
