FireEye Provides Pre-patch Protection From Latest Adobe Reader and Acrobat Vulnerabilities

Active Criminal Exploitation Reported Since November 20, 2009

Milpitas, California - Dec 20, 2009 – FireEye, Inc., the leader in modern malware protection systems, today announced that it provides proactive security against targeted attacks exploiting the latest Adobe Reader® and Acrobat® critical vulnerability (described in Adobe Security Bulletin APSA09-07). FireEye's solution provides its customers this advance protection through its virtual victim machine analysis technology, which required neither updates nor prior knowledge of the vulnerability to protect customers.

On December 15, Adobe confirmed a new zero-day vulnerability within Adobe Reader and Acrobat. All versions of Adobe Reader/Acrobat 9.2 and prior are affected. FireEye has been tracking multiple targeted and automated threats leveraging this zero-day vulnerability. Targeted systems are compromised when a user opens a malicious PDF file. Adobe is aware of the vulnerability and is expected to release a patch/fix by January 12, 2010.

Traditional desktop antivirus and network intrusion prevention have not been blocking zero-day attacks exploiting this latest Adobe vulnerability. While customers should monitor for future signature updates, they should be aware that modern malware employs polymorphic and dynamic behavior to bypass signature-based technologies so that it can continue to exploit the Adobe vulnerability. Also, customers will find that PDF content delivered via the Web is not typically analyzed for maliciousness.

"Users only have to open a PDF document to fall victim to a cyber criminal and have their system become the conduit for a massive data breach," said Marc Maiffret, chief security architect at FireEye. "We are seeing active PDF exploits in the wild, so customers need advanced protections against targeted attacks today."

FireEye network appliances protect customers against zero-day PDF attacks by utilizing their multi-protocol malware analysis technology. Potentially suspicious network data is identified across a range of protocols and then goes through a detailed verification using virtual victim machine analysis. For example, suspicious PDFs (and Web pages, in general) are analyzed using instrumented virtual machines to confirm that the PDFs contain exploit code that will successfully compromise a targeted system. FireEye victim machines are then able to provide detailed analysis of the attack, including but not limited to specific malware callback destinations as well as actions on the compromised endpoint, such as registry changes or DLL hooks. With the virtual victim machine analysis technology, FireEye is uniquely able to detect zero-day, targeted malware, even as it continues to morph over time.

For the latest updates on malware and botnet research, visit the FireEye Malware Intelligence Lab's blog at http://blog.fireeye.com/, or follow the company on Twitter at http://twitter.com/fireeye

About FireEye, Inc.

FireEye, Inc. is the leader in malware protection systems, enabling organizations to protect critical infrastructure, intellectual property, and networks against Web malware and botnet infiltration. The FireEye Malware Protection System is a next-generation malware analysis platform featuring the network use of transparent virtual machines to uncover zero-day malware, botnets, and targeted attacks that circumvent today's technologies such as intrusion prevention systems, antivirus, and URL filters. By essentially eliminating false positives, FireEye re-defines effective network security. The company is backed by Sequoia Capital, Norwest Venture Partners, JAFCO, SVB Capital, DAG Ventures, and Juniper Networks. For more information, contact (408) 321-6300 or email: info@fireeye.com. Visit us at www.FireEye.com.

###

©2006-2009 FireEye, Inc. All rights reserved. FireEye and the FireEye logo are registered trademarks of FireEye, Inc. in the United States and/or other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.