F-Secure: Adobe attacked more than even Word

gallery

F-Secure is advising users to keep their Adobe patches up to date, as the number of attacks against its Reader software tops even those targeting Microsoft's Word.

In 2008, 34.55 per cent of targeted attacks were directed at Microsoft Word, while 28.61 per cent hit Adobe Reader. However, last year, Reader saw 49.50 per cent, topping Word's 38.50 per cent, F-Secure said in a blog post.

The first two months of this year have further cemented the change, with 61.20 per cent targeting Adobe and just 24.30 per cent hitting Word.

Attackers are switching targets because Microsoft's regular patching cycle cuts their window of opportunity on Office and Windows, meaning Adobe offers a better return on investment, F-Secure researcher Sean Sullivan told IT PRO.

"Because of the beneficial monthly update cycle, there is less opportunity to attack MS Office file types," he said. "Attackers don’t get back the same return on investment from MS Office exploits as they do Adobe Reader exploits."

"Adobe has only just recently started a quarterly update schedule... And only the most recent versions of Adobe Reader have included an automatic update feature," he explained. "Older versions of Adobe required the user to select 'check for updates' from the Help menu."

Sullivan added: "How often does the average Joe do this? Not as often as he should. Thus, the window of opportunity has been greater with PDF file types and it is reflected in the numbers during 2009 and 2010."

Email to a friend

Print this page