For the first time security researchers have spotted a type of
malicious software that overwrites update functions for other
applications, which could pose additional long-term risks for users.
The malware, which infects Windows computers, masks itself as an
updater for Adobe Systems' products and other software such as Java,
wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security
(BKIS), a Vietnamese security company, on its blog.
BKIS showed screen shots of a variant of the malware that imitates
Adobe Reader version 9 and overwrites the AdobeUpdater.exe, which
regularly checks in with Adobe to see if a new version of the software
is available.
Users can inadvertently install malware on computers if they open
malicious e-mail attachments or visit Web sites that target specific
software vulnerabilities. Adobe's products are among the most targeted
by hackers due to their wide installation base.
After this particular kind of malware gets onto a machine, it opens a
DHCP (Dynamic Host Configuration Protocol) client, a DNS (Domain Name
System) client, a network share and a port in order to receive
commands, BKIS said.
Malware that poses as an updater or installer for applications such
as Adobe's Acrobat or Flash is nothing new, said Rik Ferguson, senior
security advisor for Trend Micro.
Decent security software should detect the malware, but those people
who do become infected could be worse off even if the malware is
removed, Ferguson said.
"They will lose the auto-updating functionality of whatever software
is affected even after the malware is cleaned up," Ferguson said. "That
could of course leave them open to exploitation further down the line if
critical vulnerabilities don't get patched as a result."
That means that users would need to manually download the software
again, which they may be unlikely to do if they don't know the effect of
the malware.
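One way for an administrator to catch the residual damage Ferguson describes, that is, an updater executable that has been replaced and no longer carries the vendor's signature, is to verify the Authenticode signature and record the hash of each updater binary. This is an added example, not code from BKIS, Trend Micro or the vendors named; the file paths and expected signer names are assumptions and should be replaced with the locations and publishers on your own systems.

```powershell
# Added example: report updater executables that are missing, unsigned,
# carry an invalid signature, or are signed by an unexpected publisher.
# Paths and signer names below are assumed placeholders, not known values.
param(
    [string[]]$UpdaterPaths = @(
        'C:\Program Files\Adobe\Reader 9.0\Reader\AdobeUpdater.exe',  # assumed path
        'C:\Program Files\Java\jre6\bin\jucheck.exe'                 # assumed path
    ),
    [string[]]$ExpectedSigners = @('Adobe Systems', 'Sun Microsystems', 'Oracle')  # assumed
)

$findings = foreach ($path in $UpdaterPaths) {
    if (-not (Test-Path -LiteralPath $path)) {
        # A removed updater is as bad as a replaced one: no more patch checks.
        [pscustomobject]@{ Path = $path; Status = 'MISSING'; Signer = $null; Sha256 = $null }
        continue
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # The signature must chain to a trusted root AND name a publisher we expect.
    $signerOk = $false
    foreach ($name in $ExpectedSigners) {
        if ($signer -like "*$name*") { $signerOk = $true }
    }

    $status = if ($sig.Status -ne 'Valid') { 'UNSIGNED_OR_INVALID' }
              elseif (-not $signerOk)      { 'UNEXPECTED_SIGNER' }
              else                         { 'OK' }

    # The hash is recorded so the result can be compared against a known-good baseline.
    [pscustomobject]@{ Path = $path; Status = $status; Signer = $signer; Sha256 = $hash }
}

$findings | Format-Table -AutoSize

# Any status other than OK means the updater should be reinstalled from the vendor
# rather than trusted to keep checking for patches.
if ($findings | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Run it after malware cleanup; a non-zero exit code flags hosts whose updater must be reinstalled before they can receive patches again.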
IDG News Service