LOS ANGELES – Adobe users who haven't updated their websites and computers with new patches may be at risk due to a security hole. The problem can compromise server security at any website not running the most recently patched versions of Adobe Acrobat and Adobe Flash Player.
This recently discovered vulnerability in the Adobe software, which runs locally on a computer, can lead to malware stealing FTP credentials with the potential for other security breaches as well on site servers. Attackers would be able to use client FTP credentials to deface websites and insert malicious code.
To that effect the United States Computer Emergency Readiness Team explained the malware exploit circulating is a drive-by-download exploit with multiple stages and is being referred to as "Gumblar."
"The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them," US-CERT said. "Reports indicate that these website infections occur primarily through stolen FTP credentials but may also be compromised through poor configuration settings, vulnerable Web applications, etc. The second stage of this exploit occurs when users visit a website compromised by Gumblar. Users who visit these compromised websites and have not applied updates for known PDF and Flash Player vulnerabilities may become infected with malware. This malware may be used by attackers to monitor network traffic and obtain sensitive information, including FTP and login credentials that can be used to conduct further exploits. Additionally, this malware may also redirect Google search results for the infected user.
US-CERT encourages users and administrators to apply software updates in a timely manner and use up-to-date antivirus software to help mitigate risks.
Several adult hosting companies confirmed to AVN.com they were aware of the problem and tech teams were checking servers and working through the potential problem, if discovered.
"All that we can do in this situation is regurgitate the publicly available information and notify our clients that they are at risk if they are not running the latest versions of Adobe software and are current with anti-virus protection," MojoHost CEO Brad Mitchell told AVN.com. "We have received a very constructive and positive response from our clients about sharing this information and will continue to make best efforts for sharing important information such as this in the future. In my view, this is just a very practical example of how truly important it is to not be remiss about patching local software and always being up-to-date with anti-virus subscriptions."
Other hosting firms, such as OC3 Hosting, confirmed their technical team are on the case and doing all the work necessary for managed clients, checking each server in their respective networks.