Tuesday, May 25, 2010

Re: Poisoned PDFs? Here's Your Antidote

Avoid the dangers - buy a Mac!

On May 25, 5:37 am, Travis <baconl...@gmail.com> wrote:
> http://news.yahoo.com/s/pcworld/20100524/tc_pcworld/poisonedpdfsheres...
>
> Poisoned PDFs? Here's Your Antidote
>
> Erik Larkin – Sun May 23, 9:00 pm ET
>
> Attacks employing poisoned PDF
> files <http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/poisone...> have
> leaped to the top of the threat list, according to statistics from
> major security companies. Symantec
> reports <http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/poisone...> that
> suspicious PDF
> files <http://news.yahoo.com/s/pcworld/20100524/tc_pcworld/poisonedpdfsheres...> skyrocketed
> in 2009 to represent 49 percent of Web-based attacks that the
> company detected, up from only 11 percent in 2008. The next-most-common
> attack, involving a good old Internet Explorer flaw, was far behind at 18
> percent.
>
> In a typical scenario, crooks might hijack a legitimate site and insert a
> PDF file made to exploit flaws in Adobe Reader. They then link to that PDF
> via social-engineering lures such as spam or comments on a blog or social
> network. Even astute users who check the link would see a legit domain. Not
> knowing the site was hacked, they would be more likely to download and open
> the file.
>
> Now, a new threat allows for launching malware hidden inside a PDF
> file <http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/poisone...>.
> In this type of attack, discovered by researcher Didier Stevens, opening the
> PDF file triggers an attempt to install the malware. The action causes Adobe
> Reader <http://news.yahoo.com/s/pcworld/20100524/tc_pcworld/poisonedpdfsheres...> to
> produce a confirmation pop-up, which gives you a chance to halt the
> attack by clicking the 'Do Not Open' button--but Stevens found that
> attackers could tweak the pop-up's message. His
> example <http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/poisone...> reads,
> "To view the encrypted message in this PDF
> document <http://news.yahoo.com/s/pcworld/20100524/tc_pcworld/poisonedpdfsheres...>,
> select 'Do not show this message again' and click the Open button!" Using
> such a message, attackers could allay potential victims' suspicion.
>
> Here's the kicker: This embedded-file threat makes creative use of
> functionality built into the PDF standard. As such, it works not only on
> Adobe Reader but on other PDF readers, too, even if they're up-to-date. The
> makers of the Zeus Trojan
> horse <http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/poisone...> are
> already using this new technique to spread their evil software.
>
> *How to Fight the New Threat*
>
> Changing a program setting in the current version of Adobe Reader can help.
> Head to *Preferences, Trust Manager*, and deselect *Allow opening of non-PDF
> file attachments with external applications.* See the Adobe Reader
> Blog <http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/poisone...> for
> more details.
>
> The latest 3.3 update for the Foxit PDF
> reader <http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/poisone...> also
> has a new Safe Reading setting--enabled by default under a new Trust
> Manager section in the preferences--that likewise blocks embedded programs
> from running.
>
> Since traditional PDF exploits almost always hunt for one of the many holes
> in Adobe Reader, using an alternative PDF program is a good idea. But it's
> no guarantee of safety. When the embedded-file attack first surfaced, Foxit
> didn't even display a confirmation pop-up--it simply allowed the attack to
> proceed. Whichever reader you use, it's vital to keep it up-to-date. Both
> Adobe and Foxit are working on new security features to further mitigate the
> embedded-file risk.
>
> Finally, a good antivirus program may stop a malicious PDF before it can
> launch an attack. And
> VirusTotal.com <http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/poisone...> is
> excellent for scanning any downloaded or e-mailed file with a
> multitude of antivirus
> engines <http://us.rd.yahoo.com/dailynews/pcworld/tc_pcworld/storytext/poisone...>.
> Regardless, always back up your defenses with your own good sense.
>
> --
> Thanks for being part of "PoliticalForum" at Google Groups.
> For options & help see http://groups.google.com/group/PoliticalForum
>
> * Visit our other community at http://www.PoliticalForum.com/
> * It's active and moderated. Register and vote in our polls.
> * Read the latest breaking news, and more.
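
The "functionality built into the PDF standard" that the quoted article describes is the Launch action, whose Windows dictionary carries the target file (/F) and its parameters (/P). The triage check below is an added example, not part of the original post or the PC World article: it counts the relevant names in a PDF's uncompressed objects and pulls out the /F and /P strings of any Launch action for review. The names `triage`, `decode_name` and `SAMPLE` are hypothetical, and the sample bytes are constructed.

```python
import re

# PDF names worth triaging. /Launch is the action type that starts an external
# program; the others mark auto-run triggers, attachments and scripts.
RISKY = ("Launch", "OpenAction", "EmbeddedFile", "JavaScript")

NAME_RE = re.compile(rb"/([^\s/<>\[\]()%{}]+)")
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)
STR_RE = re.compile(rb"/(F|P)\s*\(((?:\\.|[^\\()])*)\)")

def decode_name(raw):
    """Undo the #xx hex escapes PDF permits inside names (/L#61unch == /Launch)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage(pdf):
    """Return (name counts, launch findings) for uncompressed objects in pdf bytes."""
    counts = dict.fromkeys(RISKY, 0)
    launches = []
    for num, body in OBJ_RE.findall(pdf):
        names = [decode_name(n) for n in NAME_RE.findall(body)]
        for n in names:
            if n in counts:
                counts[n] += 1
        if "Launch" in names:
            # /F is the target file, /P the parameters passed to it (Windows).
            fields = {k.decode(): v.decode("latin-1") for k, v in STR_RE.findall(body)}
            launches.append({"obj": int(num), **fields})
    return counts, launches

# Constructed sample: minimal object bodies, not a complete or real PDF.
SAMPLE = b"""%PDF-1.4
1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj
2 0 obj << /Type /EmbeddedFile /Length 0 >> stream
endstream endobj
3 0 obj << /Type /Action /S /L#61unch
  /Win << /F (placeholder.exe) /P (constructed parameter text) >> >> endobj
"""

if __name__ == "__main__":
    counts, launches = triage(SAMPLE)
    print(counts)
    print(launches)
```

Objects stored inside compressed object streams are not visible to this check, so a clean result on a file that uses them is not conclusive.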
