Category: Shadow

PDF Zero Day Vulnerability in the Wild

Paul

From sources all over the internet, Adobe made a sent out a Security bulletin yesterday:

APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)

[ad#ad2-right]A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe Plans on patching this March 11, 2009

and According to some other reports are saying:

Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.

[via Symantec]

With PDF files being used all over the business world, this will create undo problems with the IT Field.  This also could be used to make Botnets and make the network involved become sluggish.   It must be warned that there are a whole wide variety of possibilities that could be done with this exploit.  Shadowserver Foundation recommends disabling the Javascript in your Adobe Reader.  Until the patch comes out you will need to be careful on what you open up and possibly check each and every PDF with an Anti-virus.  This should help minimize the likely hood of getting a virus or Trojan, but is not going to be a 100%.  The only way you can prevent a 100% right now is not to use PDFS until they have Fixed this problem.

Did you Recieve a Check from Shadow Shopper? (Scam)

Paul6 Replies

I just got done checking my sources and here what I know and I will quote:

Will ShadowShopper.com ever send a job to me via regular mail?
Never. We will always contact you via email. If you do receive a letter in the mail claiming to be from ShadowShopper (with a realistic looking logo) and asking you to mystery shop by cashing a large check THROW THAT OFFER AWAY. It is a Nigerian check scam ring pretending to be Shadowshopper. The scam is run out of Canada and the UK, and the check will bounce. Remember, ShadowShopper provides you with hundreds of job opportunities, and for your protection, we do it only via email and our website.

[via Common Questions]

It is a Scam to send you money Via the postal mail and that is why you must not believe what you get in the mail. This is in response to someone telling me they got a check with a different name but for the same reason to cash the check and send money to them.

[ad]

If anyone has any information they would like to add about this by all means talk about it in the comments. I want to hear where the check cam from or who sent it. You should also check out my other article about Nationwide Marketing that is also a Scam.