Hackers compromise Adobe server, use it to digitally sign malicious files

Adobe is taking steps to revoke the certificate used to create the signatures 

The story, "Hackers compromise Adobe server, use it to digitally sign malicious files," was inadvertently posted to the wire Friday during the editing process.

The story has been fixed on the wire, and the corrected paragraphs seven, eight and 19 follow:

Paragraphs seven and eight:

Brad Arkin, Adobe's senior director of security for products and services, wrote in a blog post that the rogue code samples have been shared with the Microsoft Active Protection Program (MAPP) so security vendors can detect them. Adobe believes "the vast majority of users are not at risk" because tools like the ones that were signed are normally used during "highly targeted attacks," not widespread ones, he wrote.

"At the moment, we have flagged all the received samples as malicious and we continue monitoring their geographical distribution," Botezatu said. BitDefender is one of the security vendors enrolled in MAPP.

Paragraph 19:

It's hard to determine the implications of this incident, because we can't be sure that only the shared samples were signed without authorization, Botezatu said. "If the password dumper application and the open-source SSL library are relatively innocuous, the rogue ISAPI filter can be used for man-in-the-middle attacks - typical attacks that manipulate the traffic from the user to the server and vice-versa, among others," he said.