Slashdot Mirror


PDF Exploits On the Rise

An anonymous reader writes "According to the TrustedSource Blog, malware authors increasingly target PDF files as an infection vector. Keep your browser plugins updated. From the article: 'The Portable Document Format (PDF) is one of the file formats of choice commonly used in today's enterprises, since it's widely deployed across different operating systems. But on a down-side this format has also known vulnerabilities which are exploited in the wild. Secure Computing's Anti-Malware Research Labs spotted a new and yet unknown exploit toolkit which exclusively targets Adobe's PDF format.'"

16 of 183 comments

  1. Not to worry. by morgan_greywolf · · Score: 5, Insightful

    I'm sure Secure Computing has a product for that. :-/

    1. Re:Not to worry. by electrictroy · · Score: 4, Insightful

      Don't set your browser to auto-load PDF files. (Or any other file for that matter.) Download it first; scan it; then open it externally.

      --
      The government is not your daddy. Its purpose is not to raid middle-class neighbors' wallets and give it to you.
    2. Re:Not to worry. by Big Nothing · · Score: 5, Insightful

      Or don't use Adobe Reader, instead use one of the many competent and more secure open alternatives.

      --
      SIG: TAKE OFF EVERY 'CAPTAIN'!!
    3. Re:Not to worry. by mpe · · Score: 5, Insightful

      I was wondering whether there was any hope of getting websites to start saying "requires a PDF reader" instead of "requires Adobe's PDF reader".

      This is only going to happen after this kind of thing is called an "Acrobat Reader exploit" rather than a "PDF exploit" though.

    4. Re:Not to worry. by jonnythan · · Score: 4, Informative

      I've been using Foxit exclusively for some time now.

      There's nothing about Adobe Reader that I miss. Foxit seems to handle everything I come across just fine. And it's way faster and never crashes. Adobe Reader seemed to crash on me all the time on multiple machines.

  2. Time for PDF Lite? by davidwr · · Score: 5, Interesting

    Most PDF files have nothing more than text, vector graphics, and images in "read-only" formats. They don't have fill-in-the-blank fields or load-a-codec-and-play-a-video, or active content.

    Web browsers need a "simple PDF" plugin that will activate on PDFs. If the "simple PDF" plugin loads a file with content it can't display, it will display what it can and give the user an opportunity to load the file in a full-fledged PDF plugin or external viewer.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
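The "simple PDF" check proposed in the comment above, sketched as an added example that is not part of the original thread: it scans a file's raw bytes for PDF name tokens that signal scripts, automatic actions, forms, attachments or multimedia, and reports whether the file could go to a minimal viewer. The feature list, function names and sample fragments are assumptions made for this illustration.

```python
import re

# PDF name tokens for features beyond static text, vector graphics and images.
# This mapping is an assumption chosen for the example, not an exhaustive list.
ACTIVE_NAMES = {
    "JavaScript": "script", "JS": "script",
    "OpenAction": "auto-action", "AA": "auto-action", "Launch": "launch",
    "AcroForm": "form", "XFA": "form",
    "EmbeddedFile": "attachment", "RichMedia": "multimedia",
    "Movie": "multimedia", "Sound": "multimedia",
}

# A name is "/" followed by any bytes except whitespace and PDF delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is seen as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def classify(pdf_bytes: bytes) -> dict:
    """Return {'simple': bool, 'features': sorted feature classes found}."""
    found = set()
    for m in NAME_RE.finditer(pdf_bytes):
        feature = ACTIVE_NAMES.get(decode_name(m.group(1)))
        if feature:
            found.add(feature)
    return {"simple": not found, "features": sorted(found)}

# Constructed sample inputs (object fragments, not complete PDF files).
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
            b"/OpenAction << /S /J#61vaScript /JS 5 0 R >> >>\nendobj\n")

if __name__ == "__main__":
    print(classify(PLAIN))
    print(classify(SCRIPTED))
```

A raw byte scan does not see names stored inside compressed object streams, so a real plugin would have to decompress those first or treat any file containing them as not simple.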
  3. I wonder why? by Nerdposeur · · Score: 5, Insightful

    Hmmmm. Maybe this is because they've crammed all kinds of interactive content into a Portable Document Format?

    I mean seriously. I thought the idea of PDFs was "this is as simple as a printed copy, and looks the same."

  4. Re:Good news cause PDF's should be shunned by martinw89 · · Score: 5, Insightful

    No, it's just that for some people PDFs are a hammer and every single printed word on the tubes is a nail.

    I have had plenty of times where I was turning in papers electronically or needed to transfer documents between computers where PDF came in quite useful. When I'm turning in a paper electronically, I have no idea what version of Office the professor has. Nor do I even have Office. PDFs are very useful in this case.

    Also, it may not be as bloated as you perceive. Acrobat Reader is slow as hell. Evince and KPDF, both on Linux, are noticeably faster for me. There are alternatives for Windows as well that are better than the "official" reader.

  5. Sumatra PDF Reader by Anonymous Coward · · Score: 5, Informative

    Use the Sumatra PDF Reader. It is a very lightweight reader. Since it doesn't have all the other useless bloat crap that Adobe's reader has, I'm sure it is a lot less vulnerable. It is also open source, so you don't have to rely on downloading an even more bloated version of Acrobat Reader to fix the exploits.

    http://blog.kowalczyk.info/software/sumatrapdf/

    I have this installed on all of the PCs here at the office. It has eliminated just about all of the issues I had with the Adobe crapware.

  6. Re:Good news cause PDF's should be shunned by querist · · Score: 5, Interesting

    As a university professor, I actively encourage my students to use PDF files if possible. OS X and Linux come with PDF output, and I'm sure there's a way to do it in Windows without paying Adobe.

    I also specifically PROHIBIT MS Office 2007/2008 .docx, .pptx, .xlsx, .xlwx, etc. formats. I'm not paying for an "upgrade" that completely changes the UI and introduces a new format without providing any real benefit to me.

    Yes, I accept OpenOffice.org documents (as well as .dvi, .ps, and the formats from iWork)

  7. Re:Postscript by Angstroem · · Score: 5, Informative

    PDF is essentially a compressed, higher ability Postscript, right?

    On the contrary, PDF is (originally) a subset of PS plus the ability to embed fonts into the document, apply some overall compression where sensible, and stitch everything together into one carrier.

    And while it is true that the past knows about "PS bombs" which e.g. will render your printer useless cause its interpreter is stuck in a loop (after all, PS is a Turing-capable programming language opening all sorts of fun if your idea of fun are stack-oriented languages), the problem with current PDF exploits comes from the fact that this format gets increasingly overloaded.

    I can see why one would love to see Javascript and embedding all kinds of multimedia stuff within PDF. Would bring PDF on par with Powerpoint with respect to animations etc. -- which wouldn't be the worst thing for me, cause I love doing slides with PDFtex and beamer, and Adobe of course would like to present their format as a vital alternative to those nasty office formats.

    But it also adds complexity. Instead of a simple postscript renderer you end up with a gazillion of helper libraries, bringing in their very own bugs.

  8. Re:Good news cause PDF's should be shunned by JustinOpinion · · Score: 4, Informative

    There are alternatives for Windows as well that are better than the "official" reader.

    Specifically Sumatra PDF and Foxit Reader are alternative PDF readers for Windows.

    They are both orders-of-magnitude faster than Adobe Acrobat. Part of the reason for this speed boost is that they don't implement the hundreds of plug-ins that Acrobat supports. But frankly for >99% of the PDFs you encounter, those additional plug-ins are not required. (In the rare case where a PDF needs one of those features, I guess you can load up Acrobat.)

    In addition to a speed advantage, using an alternate PDF reader is probably more secure. Both because it is less well-known (fewer exploits tailored to it), and because they don't implement those hundreds of plug-ins (some of which enable certain kinds of code execution).

  9. Re:New PDFs in my inbox... by MyLongNickName · · Score: 4, Funny

    I have a link to a white paper on how to tell if a PDF is a security threat. I can share it if you like. PDF format of course.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  10. Re:PDF exploit? Or Adobe Reader exploit? by eclectro · · Score: 5, Funny

    What if you use a PDF reader that's not made by Adobe?

    You download the virus using flash.

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  11. Re:Good news cause PDF's should be shunned by Jason Levine · · Score: 5, Informative

    For Windows the best (and free/open source) tool I've found is PDFCreator. It installs a "printer" on your computer that outputs to PDF. Using PDFCreator, you can make a PDF in any application that allows you to print. Using some of the "advanced" features (not really advanced, but slightly more complex than Print->PDF), you can even combine multiple print-outs from different applications into a single PDF.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  12. Update by pzs · · Score: 4, Interesting

    When I used to use Windows, I found Acrobat to be the most intrusive software ever because of its auto-update. Pretty much every time you try to open a document it's in your face demanding you allow it to update itself and then it often requests a reboot (a reboot? For a PDF viewer??)

    This seemed to happen every other week, even if I appeased it by letting it do its thing. I suspect this update would be one possible attack vector.

    Yet another case in which a "fuck off" key would be a useful addition to the Windows keyboard.