• 21 May 2009Drive-By Download and Adobe Software Exploits

    I am now almost certain that the website was victim of a malware/trojan exploit (cf. recent news) because I had an old version of Adobe Reader installed, and not because of lack of Windows Updates or carelessness with downloads and such.

    The irony is, I'm not even using Adobe Reader, I'm using FoxitReader ever since versions 8 and 9 of Adobe Reader became so slow and bloated. But having not heard before of all the vulnerability problems with Adobe software, I still had the old version 7 lying around.

    Read on for useful links and tips for Windows users...

    While I didn't use Adobe Reader myself, the plugin was still present and active in the browsers! That's a very important point! I highly recommend to all Windows users to either uninstall Adobe Reader entirely and get FoxitReader, or to make sure you have the most up-to-date version of Flash and Reader (so that your browser plugins are uptodate), AND go to Adobe Reader Preferences > Javascript and TURN OFF Javascript.

    Having an up-to-date anti-virus can protect you, but won't solve the root of the problem. Windows users who haven't updated their Adobe plugins (Reader/Flash) since May 13, do it ASAP!

    PS: last time I checked Adobe Reader 9 was still incapable of remembering the last visited page of recently opened PDF documents (think of a "bookmark"). When you download a lot of documentation in PDF format, it's very handy to go to the File menu, and pick one of your recently opened documents, and continue reading from where you last were. That feature alone is worth downloading FoxitReader (it is also a standard feature on MacOS's PDF viewer).

    Useful links