Slashdot Mirror

← Back to Stories (view on slashdot.org)

PDF Exploits On the Rise

Posted by timothy on from the worse-than-a-bad-moon- dept.

An anonymous reader writes "According to the TrustedSource Blog, malware authors increasingly target PDF files as an infection vector. Keep your browser plugins updated. From the article: 'The Portable Document Format (PDF) is one of the file formats of choice commonly used in today's enterprises, since it's widely deployed across different operating systems. But on a down-side this format has also known vulnerabilites which are exploited in the wild. Secure Computing's Anti-Malware Research Labs spotted a new and yet unknown exploit toolkit which exclusively targets Adobe's PDF format.'"

3 of 183 comments (clear)

  1. Sumatra PDF Reader by Anonymous Coward · · Score: 5, Informative

    Use the Sumatra PDF Reader. It is a very lightweight reader. Since it doesn't have all the other useless bloat crap that Adobe's reader has, I'm sure it is a lot less vulnerable. It is also open source, so you don't have to rely on downloading an even more bloated version of Acrobat Reader to fix the exploits.

    http://blog.kowalczyk.info/software/sumatrapdf/

    I have this installed on all of the PCs here at the office. It has eliminated just about all of the issues i had with the adobe crapware.

  2. Re:Postscript by Angstroem · · Score: 5, Informative

    PDF is essentially a compressed, higher ability Postscript, right?

    On the contrary, PDF is (originally) a subset of PS plus the ability to embed fonts into the document, apply some overall compression where sensible, and stitch everything together into one carrier.

    And while it is true that the past knows about "PS bombs" which e.g. will render your printer useless cause its interpreter is stuck in a loop (after all, PS is a Turing-capable programming language opening all sorts of fun if your idea of fun are stack-oriented languages), the problem with current PDF exploits comes from the fact that this format gets increasingly overloaded.

    I can see why one would love to see Javascript and embedding all kinds of multimedia stuff within PDF. Would bring PDF on par with Powerpoint with respect to animations etc. -- which wouldn't be the worst thing for me, cause I love doing slides with PDFtex and beamer, and Adobe of course would like to present their format as a vital alternative to those nasty office formats.

    But it also adds complexity. Instead of a simple postscript renderer you end up with a gazillion of helper libraries, bringing in their very own bugs.

  3. Re:Good news cause PDF's should be shunned by Jason+Levine · · Score: 5, Informative

    For Windows the best (and free/open source) tool I've found is PDFCreator. It installs a "printer" on your computer that outputs to PDF. Using PDFCreator, you can make a PDF in any application that allows you to print. Using some of the "advanced" features (not really advanced, but slightly more complex than Print->PDF), you can even combine multiple print-outs from different applications into a single PDF.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.