
404 Tech Support


An XP Internet Security 2010 Infection Campaign Update

2010-03-24 by Jason

Earlier this month, the computers I’m responsible for were being hit hard by the XP Internet Security 2010 FakeAV that I posted about previously. A few computers each day would get infected. A lot of it was caused by the users veering off to visit non-work-related sites. I was already deploying the latest Java and Adobe Flash through Group Policy to all of my computers but I had only deployed Adobe Reader to recently provisioned machines. After the ad-delivered malware was wreaking havoc on my network and all the infected machines I dealt with were found to be running an out-of-date Adobe Reader, I deployed Adobe Reader 9.3.1 (made using this method) to all of my computers. Interestingly enough, the infections dropped down from several each day to zero. Of course, I had not deployed Adobe Reader to all of the computers for a reason and it didn’t exactly go off without a hitch, but I’d rather deal with those problems than the malware cleanups.

C|NET wrote a story about malware being delivered via website ads on Monday. This is a topic I’ve been closely following since late January when the problem was rumored to be going around, but I wasn’t able to corroborate it with my own limited research. Avast had a blog article up in February that explained how JavaScript code embedded in malicious ads tried to launch attacks using exploits in Adobe Reader/Adobe Acrobat. The results seem more than coincidental. From my experience, it also seems to allay the possibility that the malware campaign might have subsided or that people only visited work-related websites; more likely, the updated Adobe Reader foiled the infection attempts.

I used the Adobe Customization Wizard to configure the install to make Adobe Acrobat the default viewer if it was installed. One of the problems I ran into after deploying Adobe Reader 9.3.1 was that those computers with older versions wouldn’t quite uninstall cleanly. In those situations, the computer wouldn’t know what application it was supposed to use in order to open a PDF. Thus my users would try to open a PDF in their browser and would receive this error:

“The Adobe Acrobat/Reader that is running cannot be used to view PDF files in a web browser. Adobe Acrobat/Reader version 8 or 9 is required. Please exit and try again.”

Users with (deployed) Adobe Acrobat had no problems opening PDFs and those that didn’t have a previous version on their computer also didn’t have a problem. I found the solution to this problem to be Solution 2 in Adobe’s Knowledge Base article on the error. Even with that information, I didn’t have a great way to install the fix across hundreds of computers. I made this batch script to add the necessary registry key:

IF NOT EXIST "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe" REG ADD HKCR\Software\Adobe\Acrobat\Exe /ve /t REG_SZ /d "\"C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe\"" /f

I then used Windows Installer Wrapper Wizard to wrap the batch script into this .msi file and deployed it along with the Adobe Reader group policy. After any computer receiving this error message restarted, it was able to open PDFs just fine. To use: Download the batch script and the .msi file and put them in the same directory. Then deploy the .msi file like normal through a group policy.
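To confirm the fix landed after the restart, the PowerShell check below reads the same registry value the batch script writes, verifies the executable it names exists, and flags a handler older than the 9.3.1 build deployed here. It is an added example, not part of the original post or its downloads; the function name Test-PdfHandler and the status labels are made up for illustration.

```powershell
# Added example: audit the PDF handler key that the batch script sets.
# Assumption: 9.3.1 (the version deployed in the article) is the minimum.
$MinVersion = [version]'9.3.1'
$KeyPath    = 'Registry::HKEY_CLASSES_ROOT\Software\Adobe\Acrobat\Exe'

function Test-PdfHandler {
    param(
        [string]$Key = $KeyPath,
        [version]$Minimum = $MinVersion
    )

    $result = [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Handler  = $null
        Version  = $null
        Status   = 'KeyMissing'
    }
    if (-not (Test-Path -LiteralPath $Key)) { return $result }

    # GetValue('') returns the key's (Default) value.
    $raw = (Get-Item -LiteralPath $Key).GetValue('')
    if (-not $raw) { $result.Status = 'ValueEmpty'; return $result }

    # The value is stored with embedded quotes; strip them to get the path.
    $exe = $raw.Trim().Trim('"')
    $result.Handler = $exe
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        # Key points at a binary a partial uninstall removed.
        $result.Status = 'HandlerMissing'
        return $result
    }

    # Build a comparable version from the file's version resource.
    $info = (Get-Item -LiteralPath $exe).VersionInfo
    $result.Version = [version]('{0}.{1}.{2}' -f $info.FileMajorPart,
                                $info.FileMinorPart, $info.FileBuildPart)
    $result.Status = if ($result.Version -ge $Minimum) { 'OK' } else { 'Outdated' }
    return $result
}

Test-PdfHandler | Format-List
```

Any status other than OK marks a machine that still needs the registry fix or the Reader update.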

A couple of weeks have gone by and there has not been a single infection across our hundreds of computers. I guess the moral of the story is, keep your Adobe Reader/Acrobat, Flash, and Java up to date to avoid infections. I believe the saying goes, “An ounce of prevention is worth a pound of cure.”
