Adobe Systems Inc is investigating a report by a cyber-security firm
that hackers exploited previously unknown bugs in its Reader and Acrobat
software to launch sophisticated attacks on personal computers.
FireEye,
a Silicon Valley company that helps businesses fight cyber-attacks,
told Reuters it obtained so-called PDF files tainted with malicious
software, which can take advantage of the newly discovered bugs.
It declined to identify any victims of the attacks.
A
spokeswoman for Adobe said that the company is investigating the
report, which surfaced late on Tuesday. She declined to elaborate.
This
has been a busy year so far for Adobe's security team. In January, the
company pushed out security updates to fix vulnerabilities in Reader,
Acrobat and Flash, as well as a program known as ColdFusion that is used
to build websites.
Last week, it rushed out a fix for Flash
Player after security software maker Kaspersky Lab identified a critical
bug that enabled hackers to install "back doors" and take control of
PCs running on Microsoft Corp's Windows operating system or Apple Inc's
Mac OS X.
Adobe's software has long been a popular target for
hackers, who attack PCs by finding bugs in widely used programs that
they can then exploit to insert viruses on computers. Experts estimate
that Reader and Acrobat programs for accessing PDF documents and Flash
Player for accessing Internet content are installed on more than 1
billion PCs.
Hackers exploiting the most recently discovered vulnerability use PDF files to infect PCs, according to FireEye.
When
the victim opens the PDF, a visa application form appears onscreen, and
a virus installs a covert communications channel with a remote computer
known as a "command and control" server, which hackers use to control
infected PCs, said Zheng Bu, senior director of research at FireEye.
He said the virus also installs a third malicious file on the infected computer, but declined to elaborate.
Adobe
has yet to provide advice on how to protect PCs against attack. FireEye
said computer users should avoid opening unfamiliar PDFs, especially
when coming from unknown sources.
FireEye said on its blog it has
observed attacks on PCs running Adobe Reader 11, the most-recent version
of the software, as well as Reader 9 and Reader 10.
Adobe said on
its own security blog that the issue also affected Acrobat XI, the
current version of the software used to create PDF documents.
© Thomson Reuters 2013