Adobe Possibly Bigger Target than Microsoft for Malware

August 17, 2008

At Onsite Computer Services in New Orleans we regularly remove viruses and other malware from Microsoft systems.  Microsoft commands a huge market share of operating systems and malware authors love large targets.  This week Onsite encountered an interesting piece of malware that could potentially affect all computers – Microsoft, Macs, and several distributions of Linux.

Called Exploit-CVE2007-0017 by Mcafee, this malware seems to affect older versions of unpatched Adobe Flash players, regardless of operating system or web browser.  Adobe commands a huge market share with their Flash PlayerFlash Player is required to view content on increasing numbers of sites and is used in 99% of web browsers on all personal computers.   

                                                                    
Exploit-CVE2007-0017 usually comes to the affected system when visiting a web page embedded with this exploit. The malware exploits a critical vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, that could allow malicious code execution and loss of control to the affected system.  Below is an interesting link at Adobe with additional information:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
 
Many computer users often forgo the update procedure for software products on their PCs.  Some rationalize, “If it’s not broke, don’t fix it!”  However this exploit may change that logic.  The National Vulnerability Database, which is sponsored by the Department of Homeland Security, has some important information regarding this exploit at:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0071

Of special note at the National Vulnerability Database is the Impact Type for this exploit: “Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation, Allows unauthorized disclosure of information, Allows disruption of service…”  Some may also say the number of “References to Advisories, Solutions, and Tools” at the site is quite extensive and covers MANY computer platforms.

Although we don’t know the exact number of computers affected by this Flash malware, some may agree the strategy of exploiting a vulnerability in a piece of software that is as ubiquitous as Flash is interesting.  The potential target of the malware authors is a much larger segment of the computing world than the Microsoft segment.
 
Onsite advises its clients to ALWAYS update your computer in a timely fashion.  Some may advise you to visit the Adobe site and download and install the latest Flash Player.

If you’re searching for New Orleans computer service or repair of your Microsoft based system or network, then call the Microsoft specialists at 504-469-6991. Onsite Computer Services, Inc. in New Orleans

You may also be interested in Onsite Computer’s Blog.

This New Orleans On-Site Computer Service post was provided by Eli Lucas. Eli can be reached at eli@onsitenola.com. Onsite Computer serves the Microsoft computing needs of small businesses throughout the Greater New Orleans area including Uptown, Lakeview, Broadmoor, Mid-City, Metairie, Jefferson, Kenner, Westbank, French Quarter, and the Warehouse District. Please visit our website for New Orleans Computer Service.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: