Treasury Web Site Hacked --- Dump Adobe Reader if you have not

Discussion in 'Computer Security' started by Dan, May 5, 2010.

  1. Dan

    Dan Guest

    The Treasury web site was hacked earlier today. I suggest that you dump
    Adobe Acrobat Reader if you have not already done so. Unfortunately, but
    very true, Adobe products have become dangerous in 'Net land today. If you
    must use a *.pdf reader then I would currently suggest Foxit Reader until
    Microsoft comes up with a *.pdf reader. There are other concerns such as
    Flash technology. I still use Adobe Flash because it is so popular on the
    web today. Are there any suggestions about what to use instead of Adobe
    Flash if one wants to watch TV shows on-line at sites such as hulu.com?
    Thank you for your time and comments.
     
    Dan, May 5, 2010
    #1

  2. Dan

    Tom Willett Guest

    Adobe had nothing to do with it, rumor-monger.
    : The Treasury web site was hacked earlier today. I suggest that you dump
    : Adobe Acrobat Reader if you have not already done so. Unfortunately, but
    : very true, Adobe products have become dangerous in 'Net land today. If you
    : must use a *.pdf reader then I would currently suggest Foxit Reader until
    : Microsoft comes up with a *.pdf reader. There are other concerns such as
    : Flash technology. I still use Adobe Flash because it is so popular on the
    : web today. Are there any suggestions about what to use instead of Adobe
    : Flash if one wants to watch TV shows on-line at sites such as hulu.com?
    : Thank you for your time and comments.
     
    Tom Willett, May 5, 2010
    #2

  3. Dan

    Dan Guest

    I know that, but vulnerabilities within Adobe Acrobat Reader affected users
    and allowed the code to be injected within individual computers who viewed
    the affected site. I am blaming Adobe for having lax security within their
    reader that anyone can easily target and not for the attack. Please focus
    your comments better, Tom. Thank you.
     
    Dan, May 5, 2010
    #3
  4. From: "Dan" <>

    | I know that, but vulnerabilities within Adobe Acrobat Reader affected users
    | and allowed the code to be injected within individual computers who viewed
    | the affected site. I am blaming Adobe for having lax security within their
    | reader that anyone can easily target and not for the attack. Please focus
    | your comments better, Tom. Thank you.

    Assuming you are correct, it is NOT "vulnerabilities within Adobe Acrobat Reader" as it is
    in the PDF format and will affect Reader and Acrobat and depending upon what type of
    vulnerability is being exploited, FoxIT reader, etc.

    Now since you brought it up, that "The Treasury web site was hacked earlier today". You
    can't just post words such as that. You *must* back it up with an authoritative URL or
    other source of information that can be checked and cross referenced. Otherwise you may
    be considered spreading FUD or rumour.
     
    David H. Lipman, May 5, 2010
    #4
  5. Dan

    Tom Willett Guest

    : Now since you brought it up, that "The Treasury web site was hacked earlier today". You
    : can't just post words such as that. You *must* back it up with an authoritative URL or
    : other source of information that can be checked and cross referenced. Otherwise you may
    : be considered spreading FUD or rumour.
    :
    : --
    : Dave

    Dave: I read all the news articles I could find. Yes, it was hacked, no, it
    had nothing to do with Adobe or Flash. But, the stories did explain what
    happened.

    Tom
    : http://www.claymania.com/removal-trojan-adware.html
    : Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
    :
    :
     
    Tom Willett, May 5, 2010
    #5
  6. From: "Tom Willett" <>


    :: Now since you brought it up, that "The Treasury web site was hacked earlier today". You
    :: can't just post words such as that. You *must* back it up with an authoritative URL or
    :: other source of information that can be checked and cross referenced. Otherwise you may
    :: be considered spreading FUD or rumour.

    :: --
    :: Dave

    | Dave: I read all the news articles I could find. Yes, it was hacked, no, it
    | had nothing to do with Adobe or Flash. But, the stories did explain what
    | happened.

    Tom:

    OK, no problem there but as I stated, w/o posting an authoritative URL that can be checked
    and cross referenced the poster is just creating FUD and rumour.

    Since you have read said articles, you read about the vulnerability/exploit vector. One
    of the things that is needed to be checked and cross referenced.
     
    David H. Lipman, May 5, 2010
    #6
  7. Sorry to hear of your difficulties. Pedophiles often have troubles with
    PDF readers.
     
    FromTheRafters, May 5, 2010
    #7
  8. Dan

    Dan Guest

    Here you go Tom and Dave:

    http://www.computerworld.com/s/article/9176308/Foxit_Reader_update_blocks_new_PDF_attack_tactic

    Now do you believe I am not just spreading FUD and rumors?
     
    Dan, May 6, 2010
    #8
  9. Dan

    Dan Guest

    Troll
     
    Dan, May 6, 2010
    #9
  10. From: "Dan" <>


    | Here you go Tom and Dave:

    | http://www.computerworld.com/s/article/9176308/Foxit_Reader_update_blocks_new_PDF_attack_tactic

    | Now do you believe I am not just spreading FUD and rumors?

    No, that only shows a commercial article on the update the US CERT put up the information
    about.

    http://www.us-cert.gov/current/index.html#foxit_releases_foxit_reader_3

    The URL doesn't state the US Treasury was hacked.

    I know all about the exploits of PDF. I have examined several PDFs including one that was
    foisted upon me.

    When I first examined it no AV vendor recognized it as malicious with 0 hits on Virus
    Total.
    http://www.virustotal.com/analisis/a73e0e58963c963d616ee2df994983e3eb1eebc91f2187ec2b15f95db4bb3c15-1272808877


    Then I distributed it. That PDF now has 4 hits on Virus Total.
    http://www.virustotal.com/analisis/a73e0e58963c963d616ee2df994983e3eb1eebc91f2187ec2b15f95db4bb3c15-1273106812

    Avast 4.8.1351.0 2010.05.05 JS:pdfka-AEM
    Avast5 5.0.332.0 2010.05.05 JS:pdfka-AEM
    GData 21 2010.05.06 JS:pdfka-AEM
    Kaspersky 7.0.0.125 2010.05.05 Exploit.JS.Pdfka.cex

    However, Avast and Avast5 are basically the same product but different versions and GData
    uses the Avast Engine and Signatures and thus really only Avast and Kaspersky recognize the
    file as being malicious.

    The PDF exploits; CVE-2009-1492 & CVE-2007-5659
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1492
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5659

    I had a malicious PDF that I submitted to McAfee WebImmune ~May 16 '09; banner.pdf
    http://www.virustotal.com/analisis/f818ff56bea0c87f2163c6424bdfc7111ba36fed1ab59b50fe1a479f8aa71423-1270542625

    Almost 1 year later and McAfee STILL does not recognize it !

    http://www.virustotal.com/analisis/f818ff56bea0c87f2163c6424bdfc7111ba36fed1ab59b50fe1a479f8aa71423-1273107588

    Now I should NOT be doing YOUR WORK!...

    You should have posted an authoritative URL on the US Treasury site being hacked. I had to
    Google it because you didn't post the URL.
    http://pandalabs.pandasecurity.com/usa-treasury-website-hacked-using-exploit-kit/

    The bottom line is that the US Treasury site was indeed hacked. The malicious actor
    inserted an IFrame redirection to a third party web site that used a laundry list of
    exploits in an "Exploit Kit".

    In the graphic Sun Java was exploited and a screen capture of Fiddler shows a Java Jar
    being downloaded which would have the Java Exploit in a .CLASS file.
     
    David H. Lipman, May 6, 2010
    #10
  11. Dan

    Dan Guest

    http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=224700780

    "Cisco's ScanSafe tracked the attack to a Web site that attempts to exploit
    numerous vulnerabilities in Adobe Reader, Adobe Acrobat, Internet Explorer,
    Microsoft Office, Symantec AppStream, and other applications, and said that
    the malicious site has targeted sites hosted by Network Solutions and
    GoDaddy."

    Okay, guys, do you believe me now?
     
    Dan, May 6, 2010
    #11
  12. From: "Dan" <>

    < snip >

    | Okay, guys, do you believe me now?

    Read my reply!
     
    David H. Lipman, May 6, 2010
    #12
  13. Dan

    Dan Guest

    Thank you Dave. I am sorry for not being more clear.
     
    Dan, May 6, 2010
    #13
  14. Not really, just an example of what you did, but one made more personal
    so that you can see the effect. Two disconnected statements made
    together makes readers assume a relationship between the two.
     
    FromTheRafters, May 6, 2010
    #14
  15. Dan

    Tom Willett Guest

    I believe Dan and ~BD~ are one and the same, anyway. But, a hooplehead is a
    hooplehead.

    : From: "Tom Willett" <>
    :
    ::: Now since you brought it up, that "The Treasury web site was hacked earlier today". You
    ::: can't just post words such as that. You *must* back it up with an authoritative URL or
    ::: other source of information that can be checked and cross referenced. Otherwise you may
    ::: be considered spreading FUD or rumour.
    :
    ::: --
    ::: Dave
    :
    : | Dave: I read all the news articles I could find. Yes, it was hacked, no, it
    : | had nothing to do with Adobe or Flash. But, the stories did explain what
    : | happened.
    :
    : Tom:
    :
    : OK, no problem there but as I stated, w/o posting an authoritative URL that can be checked
    : and cross referenced the poster is just creating FUD and rumour.
    :
    : Since you have read said articles, you read about the vulnerability/exploit vector. One
    : of the things that is needed to be checked and cross referenced.
    :
    : --
    : Dave
    : http://www.claymania.com/removal-trojan-adware.html
    : Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    Tom Willett, May 6, 2010
    #15
  16. Dan

    Peter Foldes Guest

    David

    Seriously you cannot be that dense. The posting was via the Web interface. Man oh
    man you have a long way to go to know on what you think you know

    --
    Peter

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.
    http://www.microsoft.com/protect
     
    Peter Foldes, May 6, 2010
    #16
  17. Dan

    Dan Guest

    No, you're right. I have nothing to hide from where I am.
     
    Dan, May 6, 2010
    #17
  18. From: "Tom Willett" <>

    | I believe Dan and ~BD~ are one and the same, anyway. But, a hooplehead is a
    | hooplehead.

    Not even close. BD is a UK resident and Dan is in a ComCast Albuquerque New Mexico PoP.
     
    David H. Lipman, May 6, 2010
    #18
  19. From: "~BD~" <BoaterDave@hotmail..co.uk>



    | Yes - the post was, indeed, made from the web interface.

    | By now you must realise that I was correct on this occasion!

    | Sorry if the truth hurts, Peter.

    Proving you DO have the ability to learn.

    Now stop doing what YOU WANT and keep learning what you SHOULD and SHOULD NOT be doing.
     
    David H. Lipman, May 7, 2010
    #19
  20. From: "~BD~" <BoaterDave@hotmail..co.uk>




    | Thank you for your comments, David.

    | Do you realise that *you* are part of the problem?

    | You are nearly as slippery as Mr Foldes - you have no identity and there
    | is no way that I have found to verify your integrity.

    | Neither do you have authority to TELL me what to do! Anarchy reigns here
    | on Usenet, doesn't it? Not what once it was, I suspect!

    | My guess is that you've not achieved management status yet - but no
    | doubt you will - in time!

    | Notwithstanding the above, You have not, AFAICT, ever lied to me and I
    | respect that. You have helped me too and that is appreciated also.

    | Thank you for being honest and straight-forward in this thread. :)

    I am only YOUR problem because you troll the news groups, buddy with miscreants, violate
    policies, violate netiquette, make Usenet a "chat room", etc...

    There may be a facet of anarchy in Usenet but that does NOT mean you have to join those
    ranks.
     
    David H. Lipman, May 7, 2010
    #20