Date: 2011-12-08

* Adobe working on fix for problem

* Lockheed says normal monitoring found vulnerability

* More evidence of campaign against defense firms-analyst

By Andrea Shalal-Esa

WASHINGTON, Dec 7 Lockheed Martin Corp and other U.S. defense firms were targeted by hackers using a previously unknown vulnerability in Adobe Reader, the latest in a series of increasingly persistent attacks against U.S. weapons makers, security experts said on Wednesday.

Lockheed, the Pentagon's biggest supplier, said it detected the attempted attack through normal monitoring activities and immediately notified Adobe, but its information systems were never breached.

Adobe credited Lockheed and other companies in the Defense Security Information Exchange, a group of major defense contractors that share information about computer attacks, with finding and reporting the critical vulnerability.

The DSIE includes companies that are also part of the "Defense Industrial Base," a pilot program involving major defense contractors that regularly share information on network threats with each other and the government.

Adobe spokeswoman Wiebke Lips said it had received reports that the vulnerability "is being actively exploited in the wild in limited, targeted attacks specifically against Adobe Reader 9.4.6 on Windows," but declined to give any details. Adobe said it will release a fix for the problem next week.

Sam Visner, lead cyber executive with CSC, said the latest incident was interesting given the number of threat components reported, the malware's ability to encrypt data while still stored on the target computer, and the specific nature of the 'pitch' used to gain access.

The attack emails included a PDF document labelled as a "contract guide" of potential interest to defense contractors. If opened, malware hidden in the PDF could compromise the targeted computer.

"All of this points to a threat deliberately fashioned to gain information from defense contractors," Visner said. He declined comment on whether CSC was targeted by the exploit.

Lockheed, which reported in May that it had been the target of a "significant and tenacious" cyber attack, said its networks had not been penetrated in the attempted attack.

"Our systems blocked any access by the adversary and Lockheed Martin information systems remain secure," Whitlow said by email.

Dmitri Alperovitch, former vice president of threat research at security company McAfee, said the attack on the defense sector was not surprising. "They're targeted daily," he said. "Most of the time they do get hacked."

Anup Ghosh, chief executive of Invincea, a cyber security firm, said the attack was more evidence that sophisticated adversaries were doggedly trying to get critical information about U.S. weapons systems.

"We don't exactly know who launched this, but given the targets are the large defense companies, there's no doubt that these are foreign nations going after U.S. intellectual property," Ghosh said.

He said traditional security approaches such as anti-virus software were ineffective against previously unknown malware such as this, and new approaches were needed.

Attackers were increasingly using emails with seemingly innocuous PDFs or human resources documents that were difficult for individual users to identify as dangerous.

Applying a patch to the identified issue would only last until the next threat was identified. "This is just putting another finger in the dike where you've got so many holes that it's about to burst," he said.

Ghosh said one new approach offered by his company allowed attachments such as PDFs and Word documents to be opened in a "virtual" environment that was separate from the computer desktop, preventing them from infecting that computer.