Security | 11 Mar 2010 :
F-Secure is advising users to keep their Adobe patches up to date, as the number of attacks against its Reader software tops even those targeting Microsoft's Word.
In 2008, 34.55% of targeted attacks were directed at Microsoft Word, while 28.61% hit Adobe Reader. Last year however, Reader saw 49.50%, topping Word's 38.50%, F-Secure said in a blog post.
The first two months of this year have further cemented the change, with 61.20% targeting Adobe and just 24.30% hitting Word.
Attackers are switching targets because Microsoft's regular patching cycle cuts their window of opportunity on Office and Windows, meaning Adobe offers a better return on investment, said F-Secure researcher Sean Sullivan.
"Because of the beneficial monthly update cycle, there is less opportunity to attack MS Office file types," he said. "Attackers don't get back the same return on investment from MS Office exploits as they do Adobe Reader exploits."
"Adobe has only just recently started a quarterly update schedule... And only the most recent versions of Adobe Reader have included an automatic update feature," Sullivan explained. "Older versions of Adobe required the user to select 'check for updates' from the Help menu."
"How often does the average Joe do this? Not as often as he should. Thus, the window of opportunity has been greater with PDF file types and it is reflected in the numbers during 2009 and 2010."