A security researcher and self-described hacker known as “pdp” claims he has found a critical exploit in Adobe’s Acrobat software that can compromise many Windows PCs simply by viewing a maliciously-crafted PDF file. The flaw affects both Windows XP SP2 and Windows 2003; Windows Vista, OS X, and Linux users are unaffected.

The bug affects Acrobat Reader, versions 8.1, 8.0, and 7, either when run in stand-alone mode or embedded inside a web page. Some work-alike PDF readers, such as the svelte Foxit Reader, are also affected but in a lesser manner: they display a confirmation dialog before the exploit is allowed to run. Continue reading »

add to del.icio.us

BOSTON (Reuters) - A few weeks ago Candace Locklear’s office computer quietly started sending out dozens of instant messages with photos attached that were infected with malicious software.

She was sitting at her desk, with no sign that the messaging software was active. By the time she figured out what was going on, several friends and colleagues had opened the attachments and infected their computers.

It took eight hours for a technician to clean up her computer. But because the malicious software worked so secretly, she’s still not convinced that all’s clear.

“I’d like to think that it’s gone. But I just don’t know,” said Locklear, 40, a publicist in San Francisco. “That’s what is so frustrating.”

Computer security experts estimate that tens of millions of personal computers are infected with malicious software like the one that attacked Locklear’s machine. Such programs, generally classified as malware, attack companies along with consumers.

Some are keyloggers, recording every key stroke that the user enters — sending valuable bank account information, passwords and credit card numbers to hackers.

Read full story.

add to del.icio.us