Slashdot Mirror


New Malware Overwrites Software Updaters

itwbennett writes "Researchers at Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, have found a new type of malware that 'masks itself as an updater for Adobe Systems' products and other software such as Java,' wrote BKIS analyst Nguyen Cong Cuong in a post on the company's blog. BKIS showed screenshots of a variant of the malware that imitates Adobe Reader version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available."

78 comments

  1. Irony: Adobe and Java updaters targeted by Metrathon · · Score: 5, Insightful

    I've always filed the original forms of both these aggressive updaters under malware anyway...

    1. Re:Irony: Adobe and Java updaters targeted by Anonymous Coward · · Score: 1, Insightful

      How is that ironic?

    2. Re:Irony: Adobe and Java updaters targeted by spun · · Score: 5, Funny

      Adobe installers are pernicious, sneaky, and they will attempt to install things you don't want. When an installer that acts like malware gets replaced with real malware, that could be classified as 'totally ironic' on the Morrisette Irony Scale.

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
    3. Re:Irony: Adobe and Java updaters targeted by Ephemeriis · · Score: 3, Insightful

      I've always filed the original forms of both these aggressive updaters under malware anyway...

      Agreed.

      I always disable automatic updating on everything I can... And then I'll manually check it once a month or so.

      I realize I'm probably missing some updates, and probably vulnerable to some threats... But I just hate logging in to my computer and getting bombarded with four or five different update notices.

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    4. Re:Irony: Adobe and Java updaters targeted by plover · · Score: 3, Funny

      ... on the Morrisette Irony Scale.

      I've got one of those. Mine goes to 10.

      --
      John
    5. Re:Irony: Adobe and Java updaters targeted by O-Deka-K · · Score: 1

      Mine goes to 11, which is one better than yours. See: http://www.xkcd.com/670/

    6. Re:Irony: Adobe and Java updaters targeted by Anonymous Coward · · Score: 0

      Right now in my Task Manager "GoogleUpdate.ex" is running. I click End Process and access is denied.

      I have previously removed this program, but it is reinstalled if I install a minor update of Google Earth. I'm not actually concerned about all Google's privacy issues. But I HATE that they arrogantly have this software updater running, when I am perfectly capable of installing/updating their software myself!

    7. Re:Irony: Adobe and Java updaters targeted by ndogg · · Score: 1

      You misspelled her name. How completely Morissette Ironic!

      --
      // file: mice.h
      #include "frickin_lasers.h"
    8. Re:Irony: Adobe and Java updaters targeted by Sir_Lewk · · Score: 1
      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    9. Re:Irony: Adobe and Java updaters targeted by Anonymous Coward · · Score: 0
    10. Re:Irony: Adobe and Java updaters targeted by Anonymous Coward · · Score: 0

      How is your comment not trolling?

    11. Re:Irony: Adobe and Java updaters targeted by 24-bit+Voxel · · Score: 1

      I don't have that installed but chances are it can be turned off in the services area for Windows OS. A reboot would probably be required.

    12. Re:Irony: Adobe and Java updaters targeted by Anonymous Coward · · Score: 0

      best xkcd ever!

    13. Re:Irony: Adobe and Java updaters targeted by Dumnezeu · · Score: 1

      But I just hate logging in to my computer and getting bombarded with four or five different update notices.

      If you actually perform the update, they go away. I've never encountered your "problem" and I've never seen any crapware installed by Adobe's updater set to automatic.

      --
      Yes, it's sarcasm. Deal with it!
  2. That's a Good Idea by Petersko · · Score: 2, Insightful

    Everybody I know would click through that bad boy without a moment's hesitation.

    1. Re:That's a Good Idea by gumbi+west · · Score: 1

      You do have to wonder why it would want to do this. If it already has the box rooted, why not just do what it wants? If it doesn't how did it overwrite an application? In OS X you have to type in an admin pw for it to update, but I don't think it could overwrite an application without being root, so I don't know why it would care.

    2. Re:That's a Good Idea by Talennor · · Score: 1

      Because, instead of registering yourself to run by using the registry, you're substituting your payload for a program already set to run. It makes less noise and requires actually scanning the running processes instead of scanning the Windows registry and filenames of running processes. It's also easier for new virus writers to do.

      And to contradict this entire thread: GP is missing the point, too. The malware isn't looking for further user interaction. Just a hook on startup to get going and doing its thing.

      Wondering why this is news and what's really new about this? Well, it's not. It's all old stuff. A security researcher quoted in the article says as much.

      --

      //TODO: signature
    3. Re:That's a Good Idea by Artifakt · · Score: 1

      If a program can overwrite the updater in general, it could probably overwrite selectively, so it claims to be an already installed higher version number or newer patch than what the real software is likely to produce in the next few months. Six months, a year or so later, the real updates overlap the malware and replace it, which effectively erases the malware, but it's usually had enough time to do whatever the designer wanted in the interim. The more the target software adheres to a predictable update schedule, the more the malware can target a precise window, which in turn both minimizes early detection and cleans up the old boxes in preparation for the next exploit. It's kind of a script kiddie solution rather than a deep magic approach, but not totally without cleverness.

      --
      Who is John Cabal?
  3. I'm torned by Yvan256 · · Score: 5, Funny

    On the one hand, it's malware, on the other hand it replaces software from Adobe.

    I can't decide if it's an enhancement or not.

    1. Re:I'm torned by ByOhTek · · Score: 3, Funny

      So... malware disguising itself as malware? Brilliant!

      --
      Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
    2. Re:I'm torned by rcuhljr · · Score: 4, Funny

      I was going to mod this insightful until I saw the phrase "I'm torned"

    3. Re:I'm torned by gumbi+west · · Score: 1

      If you have an Adobe application, you must think having it is better than not (or else, what is it doing there). I keep the reader around because it can do the most complicated pdfs better than any other reader. Annoying that this is how the pdf standard is... I keep a copy of word around for the same reason.

    4. Re:I'm torned by Anonymous Coward · · Score: 1, Interesting

      OSS alts exist for reading PDFs that don't have this pushy update system. That's the problem: when you launch any Adobe product, it launches the updater, which is the problem (executable redirect).

    5. Re:I'm torned by CannonballHead · · Score: 2, Insightful

      In other words, you were going to mod a post insightful until you read the first two words of the post? Hm. ;)

    6. Re:I'm torned by plover · · Score: 3, Interesting

      I completely neutered my copy of Adobe. I removed all the plug-in DLLs that did stuff I don't need or care about, or that were a security threat: accessibility, web linking, etc. I shut off Javascript execution in the preferences panel. And I disabled and removed everything related to Adobe Updater. If I feel like updating it, I will. (Hint: I don't.)

      I can still view ordinary documents without trouble. I can't "use" a form in the way that some companies have replaced their web browsers with Adobe front ends, but that's OK by me -- it's not required for my day job, and I certainly don't have to give fools like that my personal business.

      As a bonus, Adobe Reader launches much faster than before.

      --
      John
    7. Re:I'm torned by idontgno · · Score: 3, Informative

      This is slashdot*. "Reading" has absolutely nothing to do with any post, any comment, any moderation, or any action or decision here whatsoever.

      You must be new here.

      *Yes, I am kicking you into a pit as I yell that.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    8. Re:I'm torned by gumbi+west · · Score: 1

      I don't deny that OSS alternatives exist. However, there are PDF documents that they don't lay out correctly, so I need Acrobat Reader. Sometimes even LaTeX can break them and JSTOR is really likely to.

    9. Re:I'm torned by psoriac · · Score: 1

      Would you be willing to share the process you used to do that?

      --
      I browse Slashdot at +3, Funny
    10. Re:I'm torned by plover · · Score: 2, Informative

      I started by opening the Program Files\Adobe\Reader x.x\ folder. You'll see a folder called plug_ins. Make a new folder called "unwanted_plug_ins". Open the original plug_ins folder and you'll see a bunch of .API files (they're just renamed DLLs.)

      I picked through them by name, and got rid of the obvious ones first: SendMail.API, ReadOutLoud.API, weblink.API, etc. I just dragged them to the "unwanted" folder. I then opened Adobe Reader and did some simple viewing tests with an existing PDF to make sure it still worked.

      Later, when I opened something from the web that didn't work right, it was pretty obvious that I had removed something it wanted. The error was something like "couldn't verify digital signature" so I restored the original DigSig.api file.

      It was just some basic crawling thru their junk and applying common sense, nothing spectacularly innovative.

      --
      John
    11. Re:I'm torned by Hurricane78 · · Score: 1

      Or you could have simply installed another PDF reader!

      Did you buy an iPhone and jailbreak it, by any chance? ;)

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
  4. Even TFA admits nothing new by Orga · · Score: 4, Informative

    Malware that poses as an updater or installer for applications such as Adobe's Acrobat or Flash are nothing new, said Rik Ferguson, senior security advisor for Trend Micro.

  5. The only way you can tell if you are infected by Anonymous Coward · · Score: 5, Funny

    If your copy of AdobeUpdater.exe runs reliably without unexplained crashing, you are probably running the malware version.

  6. Adobe was removed 3 years ago by Finallyjoined!!! · · Score: 2, Interesting

    On the strength of this, looks like Java will be following it.

    What difference will that make to my general new-fangled-interweb experience?

    Enquiring minds need to know...

    --
    If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
    1. Re:Adobe was removed 3 years ago by mandelbr0t · · Score: 3, Funny

      Absolutely none, assuming you are still using Lynx :-D

      --
      "Please describe the scientific nature of the 'whammy'" - Agent Scully
    2. Re:Adobe was removed 3 years ago by BitZtream · · Score: 2, Insightful

      You're going to stop using Java because you just heard about someone making malware that pretends to be the updater ...

      If you're going to stop using any software package that has been used as a facade for a malware infection then you probably just need to stop using your computer now, I don't know of an OS that hasn't been attacked with a fake dialog trying to trick a user.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    3. Re:Adobe was removed 3 years ago by Volante3192 · · Score: 2, Funny

      I don't know of an OS that hasn't been attacked with a fake dialog trying to trick a user.

      From the comments I see here regularly, apparently Linux and OS X.

    4. Re:Adobe was removed 3 years ago by Finallyjoined!!! · · Score: 1

      You should get out more.......

      --
      If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
    5. Re:Adobe was removed 3 years ago by Chris+Mattern · · Score: 2, Funny

      I have never seen a fake Linux dialog. I've had my browser in Linux display fake *Windows* dialogs. They tend to be fairly...obvious.

    6. Re:Adobe was removed 3 years ago by not-my-real-name · · Score: 1

      It's still a fake dialog trying to trick the user. In your case, it just didn't succeed.

      --
      un-ALTERED reproduction and dissimination of this IMPORTANT information is ENCOURAGED
    7. Re:Adobe was removed 3 years ago by Hurricane78 · · Score: 1

      What dialogs? Real men don’t need no stinkin’ GUIs!

      Yes, I’m posting this, by holding an acoustic coupler like a telephone and whistling. Now get off my line!

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
  7. i had a bout of paranoia where i imagined this by circletimessquare · · Score: 5, Interesting

    about a month ago, while going through the motions of updating java one day (clicking on all those security warnings, running the little interface), i thought: to hack a system, why not just copy this stupid little interface and have the user gleefully click through all of the little security warnings?

    and now my fleeting paranoia is reality: you can't trust the updaters anymore

    which makes this news from two days ago all the more prescient:

    http://it.slashdot.org/article.pl?sid=10/03/24/189248

    "Microsoft To Distribute Third-Party Patches"

    furthermore, i despise the fact that just because i have quicktime and adobe and java installed, i have to always have these useless potentially bogus processes constantly running in the background doing nothing but waiting for their once monthly updates

    it makes much better sense to have ALL software updated through one repository which, obviously, has to be microsoft

    now microsoft is responsible for a secure update process, you don't have to worry about 9 different third party update mechanisms and have them constantly running, and finally, the big fat shiny nail in the coffin: you don't have to worry about this malware posing as an updater

    a negative being: now you're pretty much sending microsoft a manifest of all of your installed software every time you get an update, but i see no way around that without this new hack entering the picture

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:i had a bout of paranoia where i imagined this by BitZtream · · Score: 1, Troll

      You mean after at least 15 years of pop-ups on web pages trying to appear to be desktop applications for 'cleaning your registry' or 'defragmenting your system' ... that you JUST NOW realized they might actually do it with real desktop apps ....

      Seriously? Is this your first day on the Internet?

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    2. Re:i had a bout of paranoia where i imagined this by andrea.sartori · · Score: 1

      s/microsoft/debian

      --
      Mostly harmless.
    3. Re:i had a bout of paranoia where i imagined this by CranberryKing · · Score: 3, Interesting

      It is surprising that MS hasn't done this yet. I don't think every app should be required to go through a package manager, but it just makes sense for the big ones. GNU/Linux has had this for years. And I've had it with Adobe.

    4. Re:i had a bout of paranoia where i imagined this by Kaboom13 · · Score: 3, Informative

      By the way, that article title was bullshit, it was about a 3rd party product that integrates with Microsoft's own WSUS server (used to distribute and control patching of Microsoft software) and uses its API to distribute third party patches. It costs money, a decent amount of money. MS is not taking on the task of distributing 3rd party patches. You can read my comment on that story if you want to learn more about Secunia's product, I beta tested it. It's bad enough the editors do their best to pass on ignorance and misinformation, please don't help them.

    5. Re:i had a bout of paranoia where i imagined this by Anonymous Coward · · Score: 2, Insightful

      But then how would the apps use their fancy new updater with the "purchase premium version" and other nonsense advertisements for toolbars and other bullshit?

    6. Re:i had a bout of paranoia where i imagined this by mcgrew · · Score: 1

      furthermore, i despise the fact that just because i have quicktime and adobe and java installed, i have to always have these useless potentially bogus processes constantly running in the background doing nothing but waiting for their once monthly updates

      it makes much better sense to have ALL software updated through one repository which, obviously, has to be microsoft

      I think it makes more sense for these apps to STFU and not run at all, unless another program calls them. THEN it can update, or better yet, just have an updater run on boot then shut itself the hell off until you need the app.

      I hate today's mantra of "throw more hardware at it".

    7. Re:i had a bout of paranoia where i imagined this by Vexo · · Score: 1

      it makes much better sense to have ALL software updated through one repository which, obviously, has to be microsoft

      Yes of course - why waste time finding exploits in individual update services when it's so much easier to just go ahead and infect everything at once.

    8. Re:i had a bout of paranoia where i imagined this by Talennor · · Score: 1

      about a month ago, while going through the motions of updating java one day (clicking on all those security warnings, running the little interface), i thought: to hack a system, why not just copy this stupid little interface and have the user gleefully click through all of the little security warnings?

      Because by the time you've overwritten the updater software and you're displaying a UI you're already running code on the system. A prerequisite to your idea is that the system already be hacked. So no, it can't help you hack a system.

      Basically, a virus will not let you know what it's doing. And your autoupdate services are either already running malicious code or they won't go out and download bad stuff. You're perfectly safe going through dialogs and letting Java update itself.

      --

      //TODO: signature
    9. Re:i had a bout of paranoia where i imagined this by Bigjeff5 · · Score: 1

      Correctly written these updaters would use essentially no resources at all while loaded, unfortunately that is not the case.

      You could have 50 of them running and not doing anything, but no, can't do that can we?

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    10. Re:i had a bout of paranoia where i imagined this by dissy · · Score: 1

      I think it makes more sense for these apps to STFU and not run at all, unless another program calls them. THEN it can update, or better yet, just have an updater run on boot then shut itself the hell off until you need the app.

      Or someone should introduce their programmers to crontab and Scheduled Tasks, as those were invented to do exactly that while using the fewest resources possible.

    11. Re:i had a bout of paranoia where i imagined this by thejynxed · · Score: 1

      I think they should. They should also all require signing by Microsoft and the software vendor, which can be revoked by Microsoft and locally by system administrators.

      I for one, would welcome Steam as an integrated part of Windows 8.

      Wow, if they did that, I would have an actual use for that TPM chip that's sitting on my motherboard.

      --
      @Mindless Drivel: 100% of Twitter posts ever Tweeted.
    12. Re:i had a bout of paranoia where i imagined this by Anonymous Coward · · Score: 0

      What happens when gethostbyname("adobe.com") returns an evil IP address (other than 192.150.18.117)? There are several ways that can happen without malicious software already running.

      When you're just blindly "clicking on all those security warnings", all bets are off.

  8. Thiefs! by Anonymous Coward · · Score: 1, Funny

    They have stolen my idea! Can I patent malware?

    1. Re:Thiefs! by Anachragnome · · Score: 2, Interesting

      "Can I patent malware?"

      Interesting question.

      Maybe if all of this was patented, the person with the patents could then sue the snot out of all the people using this malware (the distributors of it) and ask for subpoenas to get them IDed so that they could be reported to the Feds for prosecution.

      Wait. Bad idea. Putting something like that in the hands of Patent Trolls would be the end of Civilization as we know it...and we all know the additional costs of Malware would simply be passed on to the customer.

  9. Oh, for the good old days... by DigitalSorceress · · Score: 4, Interesting

    I used to sit there and think, "well, if I were a criminal, I'd do this, that and the other" (this that and the other being stuff like replacing updaters, faking out security software so it couldn't update, having multiple processes that "watchdogged" each other, yada yada). Nowadays, they're doing that shit and a whole lot more I never thought of.

    Once your system is compromised, it's pretty much never a good idea to trust it until it's been completely rebuilt from the ground up.

    I'm currently in the middle of doing this for a friend. Whatever the heck he had was so dug in that I had him replace the hard drive, reinstall a fresh OS, patch up, reinstall apps from disk, and now I'm restoring his user data from the original drive (carefully with auto-run disabled) mounted from a USB enclosure.

    --

    The Digital Sorceress
    1. Re:Oh, for the good old days... by Anonymous Coward · · Score: 1

      Yes. I think that the people who design modern malware need to burn in a special circle of hell. The persistence of a lot of this software is staggering to say the least...

    2. Re:Oh, for the good old days... by spedrosa · · Score: 1

      You had him *replace* a harddrive because of malware?

    3. Re:Oh, for the good old days... by Anonymous Coward · · Score: 2, Informative

      Check the HPA (host protected area) of the drive. I'd wager it's hiding in there.

  10. Who cares? You're already compromised by WD · · Score: 2, Interesting

    I don't get it. If your system has had Administrator-owned files replaced with malicious versions, then your system has already been compromised! Game over. It's already too late.

  11. believe it or not by circletimessquare · · Score: 0, Flamebait

    there's a difference between a pop up in a browser frame and a modal dialog box from an application

    and, get this, you can actually see the difference

    and, i hope i'm not getting too far ahead of you here, it matters in terms of what kind of attack vector you are dealing with

    have i totally blown your mind yet? ;-P

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:believe it or not by Spad · · Score: 2, Informative

      Not to 90% of users there isn't.

  12. Well that doesn't mean much by Anonymous Coward · · Score: 2, Funny

    Seeing as how 'a black fly in your chardonnay' is classified as 'pretty darn ironic' on the Morrisette Scale, I think her scale might be broken.

    1. Re:Well that doesn't mean much by Doctor+Morbius · · Score: 1

      It was called "Ironic" because none of the things described in the song were ironic.

      --
      If I disagree with you it's because you are wrong.
    2. Re:Well that doesn't mean much by commodore64_love · · Score: 1

      I don't know why people keep saying "Ironic" is not ironic, so I went off to wikipedia:

      (1) That song was released in 1996. 14 years ago! Man time flies by fast. I was still just a college kid.

      (2) Wikipedia says, "Two situations that Morissette describes in the song are arguably examples of cosmic irony: events that, as the Oxford English Dictionary puts it, appear "as if in mockery of the fitness or rightness of things", such as "a death row pardon..... two minutes too late".

      (3) I always figured Morisette was just using the slang that was popular at the time with teens. Like "Psych!" Or "Spaz!" Or "Ironic!" Per usual with teen catchphrases, they are not used in proper fashion.

      (4) Ironic was Alanis Morisette's most popular song, and yet it only peaked at number 4 on the Billboard Hot 100. Her other songs peaked much lower. I'm surprised since I thought her songs had achieved higher popularity than that, considering how much I heard them played on the radio.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    3. Re:Well that doesn't mean much by cbiltcliffe · · Score: 3, Funny

      I'm surprised since I thought her songs had achieved higher popularity than that, considering how much I heard them played on the radio.

      Yes. Ironic, isn't it? :P

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  13. Adobe by dandart · · Score: 4, Insightful

    Now if that's not an excuse to get away from Adobe Reader, what is? This?

  14. This sucks by hduff · · Score: 0, Troll

    Why are these Windows malware problems constantly cropping up?

    If only there were a less malware-prone OS to use . . .

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
  15. damn fake dialogs! by Sloppy · · Score: 1

    I don't know of an OS that hasn't been attacked with a fake dialog trying to trick a user.

    Me neither, and sometimes I even fall prey to it.
    # sudo apt-get install malware
    Password:
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following NEW packages will be installed:
        cool-benign-app-1.1
    After this operation, 1.6MB of additional disk space will be used.
    Do you want to continue? [Y/n]? y

    I did that and got infected. WTF?! I'll never use cool-benign-app again!

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  16. Most Ironic in Britain by Anonymous Coward · · Score: 0

    See while most only go to 10, ours goes to 11.

    That's one more ironic.

  17. Intuit products by Anonymous Coward · · Score: 0

    furthermore, i despise the fact that just because i have quicktime and adobe and java installed, i have to always have these useless potentially bogus processes constantly running in the background doing nothing but waiting for their once monthly updates

    All Intuit products do this too and it annoys the piss out of me - annoyed the piss, I mean, since I ripped every goddamn Intuit app off of my system.

  18. That's why I love Linux by scorp1us · · Score: 1

    One central updater.. for everything! Plus it's Linux, so it's not like there's malware there anyway.

    I did notice one time though that the Ubuntu updater did update Firefox and a bunch of things stopped working. I had to reboot to clear it. I tracked it down to a library that had been updated, that apparently was confusing ld or something. Would have been nice to have been warned...

    Anyway, the fact that there is only one updater is a win for Linux.

    --
    Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
  19. A really good strategy by DarkOx · · Score: 1

    That is a really good strategy as lots of corporate device control policies will have exceptions for those sorts of things. Now admins should be using hashes to check those but we all know they just trust the name because it's a pain to update their policy every time an updater gets updated.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
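
Added example (not part of the original thread or any poster's code): the gap between allowlisting an updater by file name and by content hash, as raised in the comment above. The file contents are constructed placeholder bytes, `OtherUpdater.exe` is a hypothetical name, and storing a set of approved digests per file name is an assumption about how such a policy could be kept.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash the file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def approve(policy, path):
    """Add the file's current digest to the approved set for its name.

    Keeping a set per name lets a new vendor release be approved
    without dropping the digest of the release still deployed elsewhere.
    """
    name = os.path.basename(path).lower()
    policy.setdefault(name, set()).add(sha256_file(path))


def allowed_by_name(policy, path):
    """The weak check: only the file name is compared."""
    return os.path.basename(path).lower() in policy


def allowed_by_hash(policy, path):
    """The strong check: the content must match an approved digest."""
    approved = policy.get(os.path.basename(path).lower(), set())
    actual = sha256_file(path)
    return any(hmac.compare_digest(actual, known) for known in approved)


def audit(policy, paths):
    """Return (file name, reason) for every file the hash policy rejects."""
    findings = []
    for path in paths:
        name = os.path.basename(path)
        if not allowed_by_name(policy, path):
            findings.append((name, "not in policy"))
        elif not allowed_by_hash(policy, path):
            findings.append((name, "name allowlisted, content not approved"))
    return findings


def write(path, body):
    with open(path, "wb") as fh:
        fh.write(body)


def demo():
    """Baseline two updaters, overwrite one in place, then ship a real update."""
    with tempfile.TemporaryDirectory() as root:
        adobe = os.path.join(root, "AdobeUpdater.exe")
        other = os.path.join(root, "OtherUpdater.exe")  # hypothetical name
        write(adobe, b"constructed bytes: vendor build 1")
        write(other, b"constructed bytes: other vendor build")

        policy = {}
        approve(policy, adobe)
        approve(policy, other)

        # Same path, same name, different content: the case from the story.
        write(adobe, b"constructed bytes: replacement not from the vendor")
        overwritten = {
            "name_check": allowed_by_name(policy, adobe),
            "hash_check": allowed_by_hash(policy, adobe),
            "findings": audit(policy, [adobe, other]),
        }

        # A genuine vendor update also changes the hash; it must be approved
        # explicitly, which is the maintenance cost the comment mentions.
        write(adobe, b"constructed bytes: vendor build 2")
        before_approval = allowed_by_hash(policy, adobe)
        approve(policy, adobe)
        after_approval = audit(policy, [adobe, other])

        return overwritten, before_approval, after_approval


if __name__ == "__main__":
    print(demo())
```
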
  20. I'm surprised it took so long by dave562 · · Score: 1

    When Microsoft introduced Windows Update there was a lot of speculation that it would be compromised and used as an infection vector. That threat never seemed to materialize. I always thought that the 3rd party apps like Adobe, Java, etc would be more vulnerable due to the fact that they run on the local machine.

    At the rate it takes Microsoft to adjust, we should have a centralized patch management system by 2020.

  21. Stop calling it Malware by QJimbo · · Score: 1

    I'm tired of malware being differentiated just because it comes from a commercial entity. When you're replacing things that are practically system components (assuming most people have adobe pdf reader installed) then as far as I'm concerned this is a trojan, not some innocent advertising software.

    Companies that make this software are getting too easy a ride on this and should be taken to court the same way someone who writes an Internet Worm would.

  22. Re:I'm torned - going offtopic by Gorphrim · · Score: 2, Insightful

    I completely neutered my copy of Adobe.

    Just curious, instead of going to all that trouble, why wouldn't something like Foxit be simpler and easier with similar results?

    --

    Queens of the Stone Age - they rule
  23. GoogleUpdate.exe by Anonymous Coward · · Score: 0

    Next time you "del GoogleUpdate.exe", try "mkdir GoogleUpdate.exe" That should stop it from being reinstalled for a while, unless it really is malware.