Saturday, 21 February 2009
More on the Adobe Acrobat 0-Day
Adobe Advisory Issued
First, we are glad to see that Adobe issued Adobe Product Security Advisory 09-01 (APSA09-01) within a few hours of our initial posting on this issue on Thursday. The advisory is more of an acknowledgment of an issue and relatively light on details. However, a few items of interest can be extracted from this advisory.
Work Arounds & Windows Group Policy Object (GPO)
Not so New After All?
We are also seeing more evidence that this exploit may not be so new after all. Write-ups from several vendors (Symantec, McAfee, and Sophos) may indicate this exploit has been around since mid-January and potentially since December. We have not been able to validate any of this yet, but we are thinking this exploit was likely in the wild since some time in January. Unfortunately, we do not have a comprehensive list of command and control servers that we can share.
Posted February 21, 2009, at 10:24 AM by Steven Adair