3 Replies Latest reply on Jun 7, 2013 3:46 PM by linuxlarsmcafeesecurity

    Is wwwimages.adobe.com a threat?

      We're seeing a messge in the browser of "Waiting for wwwimages.adobe.com..." occassionally when we're launching an enterprise Flex application.

       

      Checking several of the links on that site, including http://wwwimages.adobe.com/www.adobe.com/ubi/template/identity/adobe.js, there are no Adobe copyright statements or anything indicating this is their site, and the site is registered to Akamai Technologies. I just got off the phone with Adobe; they confirmed it's not a site they own.

       

      I'm concerned that we have malware installed that's not being detected by McAfee Enterprise.

       

      Does anyone have any experience with this, or any suggestions on what to do?

       

      Thanks.

      Larry

        • 1. Re: Is wwwimages.adobe.com a threat?
          Peter M

          Moved from Home to Business > VSE for better attention.

          • 2. Re: Is wwwimages.adobe.com a threat?
            Hayton

            Adobe may not own the server but it's their products that the server is providing, as far as I can see.

             

            Akamai just hosts copies of Adobe's downloadable content, as they do in Europe for McAfee. It spreads the load. And Akamai are extremely reputable, one of the most trustworthy organisations you will find.

             

            Whoever you spoke to at Adobe would have been technically correct in stating that Adobe does not own the site, but was clearly ignorant of how a major software business provides its software to a global market.

             

            If you want an idea if the link is a legitimate one, have a look at the javascript code. It's neat, formatted, intelligible, and extensively commented - in English, not in Russian. Or Chinese. It's not obfuscated, packed, encrypted, or even obscure. Malware code is, generally speaking, not like that at all.

             

            And the javascript code does contain this, which would tend to indicate that it comes from Adobe.

             

            /* Copyright (c) 2010 Adobe Systems Incorporated. * All rights reserved. * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the "Software"), * to deal in the Software without restriction, including without limitation * the rights to use, copy, modify, merge, publish, distribute, sublicense, * and/or sell copies of the Software, and to permit persons to whom the * Software is furnished to do so, subject to the following conditions: * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */

             

            Not 100% proof, but pretty convincing.

            • 3. Re: Is wwwimages.adobe.com a threat?

              Thanks, Hayton.

               

              Still not 100% comfortable, but you're right about hosting and English plain text. And the file example I posted does indeed have the copyright notice, but in the middle of the file. I've always seen these at the top.

               

              Other files, like http://wwwimages.adobe.com/www.adobe.com/ubi/template/identity/lib/swfobject.add on.js and http://wwwimages.adobe.com/www.adobe.com/lib/com.adobe/urlParser.js, do not contain notices.

               

              Still hoping to get a "final answer".

               

              Thanks!