February 9, 2007 10:22 AM PST

Corporate computer threats 'moving to Adobe'

SAN FRANCISCO--The launch of Microsoft Office 2007 is likely to turn malicious hackers' attention to other desktop applications, experts have warned.

They are likely to begin focusing more attention on looking for vulnerabilities in software such as Adobe Systems' Acrobat Reader, security experts said at the RSA Conference 2007 here on Wednesday.

Today, most spyware and other "crimeware" applications target flaws in client-side applications, explained Jeff Moss, who founded the Black Hat and Def Con hacker conventions. These attacks involve sending an employee or home user a modified file, or a hyperlink to a Web download, that will compromise their system if executed.

"Office 2007 is much better architected, and the fine-grained capabilities are much better (than Office 2003), so you're going to see a lot less application attacks against Office. And because of that you're going to see less attacks against Vista that are successful," predicted Moss.

"So, where do the attackers go? Every other app that you are running. That's going to be Acrobat, and we've already started seeing that in the last couple of months. They just go for the lowest-hanging fruit," Moss said.

Moss added that Adobe has recently begun patching more quickly, because it has become more of a target for these attacks. In January, Adobe admitted that its PDF Reader application contained a major security hole, which exposes a user's hard drive to attack.

Attendees of the RSA Conference heard that crimeware is a rapidly growing threat facing both companies and individuals. Criminals are using Trojan horses, rootkits, keyloggers and other pieces of malicious software in a concerted attempt to steal personal data, log-in codes or banking details.

Doug Camplejohn, chief executive of Mi5 Networks, which sells antispyware products, cited analyst firm Gartner's prediction that 75 percent of businesses will fall victim to a piece of financially motivated spyware in 2007. However, he wasn't sure that the recent launch of Office 2007 will have a significant effect on the problem.

"Not everyone is going to move to Vista overnight. So there's going to be a broad period of time when there's a broad user base that is going to have the existing vulnerabilities to deal with," Camplejohn said.

According to Moss, a team of malicious hackers might spend a month working on a client-side exploit before releasing it, but may devote as much as nine months perfecting a server-side attack, trying to get it exactly right before launching it. If the attack relies on a previously unknown flaw, they may only have one shot before security vendors wake up to the problem and issue protection.

Because computer crimes often rely on an individual running an application or clicking on a link, education should be a key part of a company's defense strategy, some conference attendees said. Locking down nonessential applications to limit the company's exposure to danger was also recommended.

"If I've got a user who isn't supposed to go onto the Internet, why am I allowing them Internet access?" asked Andre Gold, director of information security at Continental Airlines.

Camplejohn agreed that a more prescriptive, proactive approach may be better. "User education is nice, but I think that for the most part it falls on deaf ears," he said. "What we find most effective is to basically slap someone's hand right when they're doing something--a screen pop-up that tells them 'You can't do this' because that's confidential data that's going out that door."

"In some cases, people don't know that's something that they shouldn't be doing. And also, they know someone's watching."

Graeme Wearden of ZDNet UK reported from San Francisco.

adobe patching more quickly?
"Moss added that Adobe has recently begun patching more quickly, because it has become more of a target for these attacks."

Adobe first recommended that users upgrade to Reader version 8, which at the time was less than a month old. For corporations that depend on Reader version 7, this just wasn't an option. (Several functions in form fields of PDFs have changed, as well as the GUI/display renderer.) It was only until the press came on hotter that they released version 7.0.9.
Posted by mjm01010101 (126 comments )
Threats move...not necessarily to Adobe
The nature of Internet threats is that they evolve where there is a weakness. To state that since MS has strengthened their applications, thus hackers will redirect their efforts to less secure applications is pure folly. Yes, those of a lesser stature will be more vulnerable, but this factor alone isn't where the majority of threats will come from.

Today, most organizations are noting the rise of high-focused exploits that are not seeking to damage but more to exploit other organizations' networks, resources and information. Financial gain is the name of the game and not "I'm gonna take you down!"

Every OEM that sells their wares and does so with flaws, only harms their own case. Whatever exposures come as a result, the cost of repair to the product and company's image can be hefty. If not for Microsoft's monopoly-like position and hoards of cash, how else could anyone afford to sell easy-to-use products that are crap from a security standpoint?
Posted by Schratboy (122 comments )