Tweet

We got hold of an exploit targeting the vulnerability Adobe reported in its most recent security advisory.

The exploit, detected as TROJ_ADOBFP.B (now detected as TROJ_ADOBFP.SM), takes advantage of the referenced vulnerability to drop another malicious file detected as TROJ_DROPPER.ADO.

TROJ_ADOBFP.B arrives in users’ systems as a malicious .SWF file that has been embedded into an .XLS file. This .SWF file contains the code for the exploit. TROJ_DROPPER.ADO, on the other hand, drops another malicious file detected as BKDR_COSMU.KO. BKDR_COSMU.KO connects to a URL to execute certain commands. It also retrieves information from the affected system such as drive information, OS, file or directory list, as well as a list of existing processes and services.

The vulnerability related to this threat affects the following software and their corresponding versions:

• Adobe Flash Player 10.2.152.33 for Windows, Macintosh, Linux, and Solaris OSs
• Adobe Flash Player 10.1.106.16 and earlier versions for Android
• Adobe Reader and Acrobat X (10.0.1) for Windows and Macintosh OSs (specifically the Authplay.dll component)

Adobe posted a schedule for the release of security updates that will address this vulnerability. All affected versions, except Adobe Reader X, will be patched on March 21. The update for Adobe Reader X will be released on June 14. Until the updates are released, users are advised to be extra careful, especially when dealing with .XLS files coming from unknown users.

Update as of March 22, 2011, 12:50 AM Pacific Time

Adobe released the security updates for Adobe Flash Player and Adobe Reader and Acrobat. More information on the said updates can be found in the following pages:

• Security update available for Adobe Flash Player
• Security updates available for Adobe Reader and Acrobat

Users are strongly advised to apply the said updates as soon as possible.