PCSA2009-06

A new 'Zero-Day' exploit has been discovered attacking computers running Adobe Acrobat Reader and Adobe Flash Player. Zero-day means that the attack was discovered being actively used 'in-the-wild' before the software manufacturer orsecurity companies had any prior knowledge of it.

This is a PC Surgeon High Priority Alert, as there is a strong chance of the exploit being used to spread infection via spam and also spreading 'drive-by' style by appearing on compromised websites.

The vulnerability seems to be in a common video component of both Acrobat Reader and Flash Player (programs found on most computers). Because the vulnerability can be exploited by simply visiting the wrong website or having an infected web page displayed (for example spam, adverts within websites etc.), it is likely to very quickly become a significant problem.

To mitigate your computers susceptibility to this issue, you should over the next week or two avoid opening PDF documents that you were not explicitly expecting to receive. In addition, running the PC Surgeon recommended No-Script add-on in Firefox will disable the chance of this attack getting at you via infected websites. PC Surgeon recommends all of its customers to use Firefox with No-Script. This is a free solution and greatly increases your level of defence against these web-based exploits.

For those of you who are unsure about how to do this or would like to discuss the implications (and unfortunately, there are some disadvantages that come with using no-script), please do not hesitate to call and we will be happy to advise.

Regards,