Defcon talk: 0-day, gh0stnet and the Adobe JBIG2Decode disclosure debalce – Steven Adair
August 2nd, 2009
No comments
This talk gave an insight into how Steven Adair and his coworker Matt Richard found out about an actively abused 0-day exploit in Adobe Acrobat and the how responsible disclosure got it in a mess.
Their investigation of this specific vulnerability was triggered by an Adobe advisory which discussed the vulnerability without much detail, but mentioned the name the command and control server. Analyzing their malicious PDF samples they found this server in a malicious sample from a bit earlier and they already had the server name in their DNS monitor.