back to news listing

Zbot Trojan campaign: Tips from Adobe

www.ciol.com
April 20, 2010

 
BANGALORE,INDIA: Reacting to the CIOL newsreport on new Zbot trojan campaign, Adobe Systems on Tuesday asked the users to exercise caution and execute files that only come from trusted sources.

This website had reported on Monday about the trojan campaign and Websense Security Labs receiving several reports of a Zbot trojan campaign spreading via email.

According Websence over about 2200 messages has been screened so far.Zbot (also known as Zeus) is information stealing trojan (infostealer) collecting confidential data from each infected computer. The main vector for spreading Zbot is a spam campaign where recipients are tricked into opening infected attachments on their computer.

ALSO READ: SECURITY TRENDS 2010

In a statement Adobe said that Adobe PDF specification is an ISO standard (ISO PDF 32000-1:2008).

"Section 12.6.4.5 of the specification defines the "/launch" command. This is an example of powerful functionality relied on by some users that also carries potential risks when used incorrectly. The warning message provided in Adobe Reader and Adobe Acrobat includes strong wording advising users to only open and execute the file if it comes from a trusted source".

The statement further stated that users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting > Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing the box “Allow opening of non-PDF file attachments with external applications” (see also screen shot below).

Adobe further said that in organizations where the administrator would like to disable this functionality (rather than giving the end-user the option to check or uncheck the box), the administrator can control this functionality via the registry setting on Windows by doing the following:

* Set HKCU\Software\Adobe\Acrobat Reader\\Originals\bAllowOpenFile (DWORD) to 0 * An administrator can also grey out the preference to keep end-users from turning this capability on, by setting HKCU\Software\Adobe\Acrobat Reader\\Originals\bSecureOpenFile (DWORD) to 1.

http://www.ciol.com/Technology/Security/News-Reports/Zbot-Trojan-campaign-Tips-from-Adobe/135117/0/



home  |    articles    |    news    |    portfolio    |    about us    |    partners    |    blog
services    |    careers    |    tell us what you need    |    contact us    |    sitemap    |   resources


SEO Outsource: SEO Span | Copyright © 2005 Outsourceit2philippines. All Rights Reserved.

Our Partners