By Dan Goodin in San Francisco
18th December 2009
Hackers on Thursday exploited a vulnerability on Ain't It Cool News that
redirected anyone visiting the movie review site to a server containing
a malicious Adobe Reader file.
The attack targeted a vulnerable PHP script on one of AICN's servers
that automatically appended the malicious link to banner ads served on
the site, its publisher, Roland De Noie, said. As a result, anyone
visiting the site over a 90-minute period on Thursday morning was
silently redirected to speedconnection .cn, which served a malicious file.
The booby-trapped PDF, according to an analysis by researchers at
Praetorian Prefect, exploited two vulnerabilities in Adobe Reader that
the company has already fixed. When the file is opened by unpatched
versions of Reader, it launches malicious shell code that hijacks the
machine. Only 12 of the 41 major anti-virus programs currently detect
the trojan, according to this VirusTotal analysis.
In September, Mozilla found that more than half of Firefox users used
insecure versions of Adobe Flash. It wouldn't be surprising to find a
similarly large proportion of the population using out-of-date versions
of Reader, too.