Slashdot Mirror

← Back to Stories (view on slashdot.org)

PDF Exploits On the Rise

Posted by timothy on from the worse-than-a-bad-moon- dept.

An anonymous reader writes "According to the TrustedSource Blog, malware authors increasingly target PDF files as an infection vector. Keep your browser plugins updated. From the article: 'The Portable Document Format (PDF) is one of the file formats of choice commonly used in today's enterprises, since it's widely deployed across different operating systems. But on a down-side this format has also known vulnerabilites which are exploited in the wild. Secure Computing's Anti-Malware Research Labs spotted a new and yet unknown exploit toolkit which exclusively targets Adobe's PDF format.'"

6 of 183 comments (clear)

  1. Time for PDF Lite? by davidwr · · Score: 5, Interesting

    Most PDF files have nothing more than text, vector graphics, and images in "read-only" formats. They don't have fill-in-the-blank fields or load-a-codec-and-play-a-video, or active content.

    Web browsers need a "simple PDF" plugin that will activate on PDFs. If the "simple PDF" plugin loads a file with content it can't display, it will display what it can and give the user an opportunity to load the file in a full-fledged PDF plugin or external viewer.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  2. Comment removed by account_deleted · · Score: 2, Interesting

    Comment removed based on user account deletion

  3. New PDFs in my inbox... by Jonah+Hex · · Score: 3, Interesting

    Interestingly enough, I have gotten 3 PDFs in the past few days in my corporate email inviting me to various "seminars" on technology subjects. All were very well written and professional looking but for products I have never used and companies I had not heard of. They passed both my email server's scanning and the local virus scan on my company laptop, however since I have very rarely gotten PDFs in the past I am now very suspicious.

    Jonah HEX

    --
    Horror & SciFi Erotic Nudes
  4. Re:Good news cause PDF's should be shunned by querist · · Score: 5, Interesting

    As a university professor, I actively encourage my students to use PDF files if possible. OS X and Linux come with PDF output, and I'm sure there's a way to do it in Windows without paying Adobe.

    I also specifically PROHIBIT MS Office 2007/2008 .docx, .pptx, .xlsx, .xlwx, etc. formats. I'm not paying for an "upgrade" that completely changes the UI and introduces a new format without providing any real benefit to me.

    Yes, I accept OpenOffice.org documents (as well as .dvi, .ps, and the formats from iWork)

  5. Update by pzs · · Score: 4, Interesting

    When I used to use Windows, I found Acrobat to be the most intrusive software ever because of its auto-update. Pretty much every time you try to open a document it's in your face demanding you allow it to update itself and then it often requests a reboot (a reboot? For a PDF viewer??)

    This seemed to happen every other week, even if appeased it by letting it do its thing. I suspect this update would be one possible attack vector.

    Yet another case in which a "fuck off" key would be a useful addition to the Windows keyboard.

  6. Re:Not to worry. by AmiMoJo · · Score: 2, Interesting

    The rendering quality of Foxit is sub-par, try SumatraPDF which is open-source. The visual quality is much better.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC