Slashdot Mirror


PDF Exploits On the Rise

An anonymous reader writes "According to the TrustedSource Blog, malware authors increasingly target PDF files as an infection vector. Keep your browser plugins updated. From the article: 'The Portable Document Format (PDF) is one of the file formats of choice commonly used in today's enterprises, since it's widely deployed across different operating systems. But on a down-side this format has also known vulnerabilities which are exploited in the wild. Secure Computing's Anti-Malware Research Labs spotted a new and yet unknown exploit toolkit which exclusively targets Adobe's PDF format.'"

10 of 183 comments

  1. Not to worry. by morgan_greywolf · · Score: 5, Insightful

    I'm sure Secure Computing has a product for that. :-/

    1. Re:Not to worry. by electrictroy · · Score: 4, Insightful

      Don't set your browser to auto-load PDF files. (Or any other file for that matter.) Download it first; scan it; then open it externally.

      --
      The government is not your daddy. Its purpose is not to raid middle-class neighbors' wallets and give it to you.
    2. Re:Not to worry. by Big+Nothing · · Score: 5, Insightful

      Or don't use Adobe Reader, instead use one of the many competent and more secure open alternatives.

      --
      SIG: TAKE OFF EVERY 'CAPTAIN'!!
    3. Re:Not to worry. by mpe · · Score: 5, Insightful

      I was wondering whether there was any hope of getting websites to start saying "requires a PDF reader" instead of "requires Adobe's PDF reader".

      This is only going to happen after this kind of thing is called an "Acrobat Reader exploit" rather than a "PDF exploit" though.

    4. Re:Not to worry. by bugeaterr · · Score: 3, Insightful

      And missing features.

      Like script execution turned on by default.
      Nothing could go wrong there.

  2. I wonder why? by Nerdposeur · · Score: 5, Insightful

    Hmmmm. Maybe this is because they've crammed all kinds of interactive content into a Portable Document Format?

    I mean seriously. I thought the idea of PDFs was "this is as simple as a printed copy, and looks the same."
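Added example, not part of the thread or of any product named in it: a minimal "scan it before you open it" check that counts the PDF name tokens which make a file interactive rather than a static page description (scripts, auto-run actions, launch actions, attachments). The function names and both sample byte strings are constructed for illustration.

```python
import re
from collections import Counter

# PDF name tokens that indicate active content rather than static pages.
ACTIVE_NAMES = {
    "JavaScript": "script action",
    "JS": "script source",
    "OpenAction": "action run when the document is opened",
    "AA": "additional (event-triggered) actions",
    "Launch": "opens an external program or file",
    "EmbeddedFile": "file attachment",
    "RichMedia": "embedded media",
    "XFA": "scriptable XML form",
}

# A name is '/' followed by regular characters (no whitespace or delimiters).
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is counted as /JavaScript."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count active-content names in the raw bytes of a downloaded file."""
    if b"%PDF-" not in data[:1024]:
        return {"is_pdf": False, "active": {}, "needs_review": False}
    counts = Counter()
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            counts[name] += 1
    return {"is_pdf": True, "active": dict(counts), "needs_review": bool(counts)}

# Constructed samples: one static catalog, one with an open action and a
# hex-escaped script name (the script body is only a placeholder string).
SAMPLE_STATIC = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_ACTIVE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
                 b"/OpenAction 3 0 R >>\nendobj\n"
                 b"3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n")

if __name__ == "__main__":
    for label, sample in (("static", SAMPLE_STATIC), ("active", SAMPLE_ACTIVE)):
        result = triage_pdf(sample)
        print(label, result["needs_review"], result["active"])
```

Names stored inside compressed object streams or encrypted files are not visible to a raw byte scan, so a clean result here means "nothing found", not "nothing there".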

  3. Re:Good news cause PDF's should be shunned by martinw89 · · Score: 5, Insightful

    No, it's just that for some people PDFs are a hammer and every single printed word on the tubes is a nail.

    I have had plenty of times where I was turning in papers electronically or needed to transfer documents between computers where PDF came in quite useful. When I'm turning in a paper electronically, I have no idea what version of Office the professor has. Nor do I even have Office. PDFs are very useful in this case.

    Also, it may not be as bloated as you perceive. Acrobat Reader is slow as hell. Evince and KPDF, both on Linux, are noticeably faster for me. There are alternatives for Windows as well that are better than the "official" reader.

  4. Overuse of PDF by owlnation · · Score: 3, Insightful

    The biggest issue is overuse and inappropriate use of PDF.

    The only reason to ever use PDF is if it is NECESSARY for your audience to print the document in question.

    Way too often websites have PDFs that are the only alternative for information. If you want to look up a train time for example, once and once only, you almost always have to download a PDF -- why? Sure, give people the choice of doing that if they want to, but there's no reason to slow down the internet for one-off pieces of information.

    With concerns about the environment (perceived real or theatrical, regardless), you'd think that firms would stop encouraging frivolous use of paper. With the extortionate cost of printer ink, you'd think that firms would also be cost-conscious.

    Uploading a 2 or 3 page document to the web in a PDF format is a criminal waste of resources, it's also an irritation that I don't need. I do not (and will never) work in a corporation. I do not need Office or PDF format -- ever. It's slow, and it's crap to read online.

    I can cheerfully live my entire life without it, and I sincerely wish retarded developers and content managers would stop forcing it on me.

    1. Re:Overuse of PDF by Ardeaem · · Score: 3, Insightful

      Often, the reason for this is that either 1) the document in question was first designed for a print medium, or 2) the material was dumped from some kind of database as PDF. Often to redesign the output to be better in a web format is nontrivial. Why should they waste so many workhours on such a thing? It would provide no benefit in terms of the information that is available. It would only keep you from being annoyed.

      Given that many of the organizations doing this are government organizations, and they use tax dollars, do you want your tax dollars spent on just redesigning output to be appropriate for HTML? I'll just deal with the (small) annoyance, thanks.

      Any format can be exploited. The (over)use of PDF is not the issue here.

  5. Exactly The Kind of Analysis We DON'T Need by Alexander · · Score: 3, Insightful

    I'm sorry, but in that very brief article linked, I saw absolutely ZERO analysis concerning frequency.

    YAY! There's an exploit and toolkit. The existence of which is, in some sense, a useful piece of prior information for establishing the probability that there MIGHT BE an increase in frequency in the future - but it's quite a leap to have a freakin' /. link to a corporate article that uses hyperbole in claiming that there is some State of Nature or State of Knowledge that points to .pdf attacks being "On the rise".

    --
    "oohhh... I didn't know Schopenhauer was a philosopher!" ..."uhhh yeah, he's the one that begins with