Log In

Reset Password
BERMUDA | RSS PODCAST

PDFs may have been exploited

SHANGHAI/BEIJING (Reuters) — An attack on Google and at least 20 other companies, that originated from China, seems to have exploited a vulnerability in the popular Adobe Acrobat and Adobe Reader software, possibly to steal proprietary codes.

Adobe Systems said its computer network systems had been attacked but no sensitive information was stolen. The attackers may have been trying to exploit security vulnerabilities in Adobe Acrobat and Adobe Reader, which is widely used to create and read documents. The vulnerability in Adobe's two products could allow an attacker to inject a code into the computer once a PDF file was opened, security firm iDefense said in a "coordinated public" disclosure. It did not specifically refer to the Google attacks.

Adobe, which released a critical patch for this problem, was not immediately available for comment. Antivirus software maker McAfee said in its "2010 Threat Predictions" report last month that Adobe software would become increasing targeted by cyber criminals, as its products are the most widely used applications globally. "Based on the current trends, we expect that in 2010 Adobe product exploitation is likely to surpass that of Microsoft Office applications in the number of desktop PCs being attacked," McAfee said in a statement.

Technology-focused website Wired.com quoted iDefense as saying the attack on Google and other corporations intended to steal the companies' source codes. Journalists, dissidents and other activists in China have often been the target of "phishing attacks," in which an e-mail that appears to be from a known sender contains an attachment with a virus or other malicious software.

In September, a coordinated cyberattack on the Chinese assistants of foreign news agencies contained malware that also exploited an Adobe Acrobat vulnerability. Google said part of the attack's purpose was to access Gmail accounts of human rights activists, adding that many activists seem to have been separately targeted with attacks designed to gain access to their accounts.

Separately, Microsoft said its e-mail service was not hacked. "We have no indication that any of our mail properties have been compromised," a Microsoft spokesman told Reuters.