Slashdot Mirror


New Malware Overwrites Software Updaters

itwbennett writes "Researchers at Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, have found a new type of malware that 'masks itself as an updater for Adobe Systems' products and other software such as Java,' wrote BKIS analyst Nguyen Cong Cuong in a post on the company's blog. BKIS showed screenshots of a variant of the malware that imitates Adobe Reader version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available."

5 of 78 comments

  1. Irony: Adobe and Java updaters targeted by Metrathon · · Score: 5, Insightful

    I've always filed the original forms of both these aggressive updaters under malware anyway...

    1. Re:Irony: Adobe and Java updaters targeted by spun · · Score: 5, Funny

      Adobe installers are pernicious, sneaky, and they will attempt to install things you don't want. When an installer that acts like malware gets replaced with real malware, that could be classified as 'totally ironic' on the Morissette Irony Scale.

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  2. I'm torned by Yvan256 · · Score: 5, Funny

    On the one hand, it's malware, on the other hand it replaces software from Adobe.

    I can't decide if it's an enhancement or not.

  3. The only way you can tell if you are infected by Anonymous Coward · · Score: 5, Funny

    If your copy of AdobeUpdater.exe runs reliably without unexplained crashing, you are probably running the malware version.

  4. i had a bout of paranoia where i imagined this by circletimessquare · · Score: 5, Interesting

    about a month ago, while going through the motions of updating java one day (clicking on all those security warnings, running the little interface), i thought: to hack a system, why not just copy this stupid little interface and have the user gleefully click through all of the little security warnings?

    and now my fleeting paranoia is reality: you can't trust the updaters anymore

    which makes this news from two days ago all the more prescient:

    http://it.slashdot.org/article.pl?sid=10/03/24/189248

    "Microsoft To Distribute Third-Party Patches"

    furthermore, i despise the fact that just because i have quicktime and adobe and java installed, i have to always have these useless potentially bogus processes constantly running in the background doing nothing but waiting for their once monthly updates

    it makes much better sense to have ALL software updated through one repository which, obviously, has to be microsoft

    now microsoft is responsible for a secure update process, you don't have to worry about 9 different third party update mechanisms and have them constantly running, and finally, the big fat shiny nail in the coffin: you don't have to worry about this malware posing as an updater

    a negative being: now you're pretty much sending microsoft a manifest of all of your installed software every time you get an update, but i see no way around that without this new hack entering the picture

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it