Slashdot Mirror


New Method Could Hide Malware In PDFs, No Further Exploits Needed

Trailrunner7 writes "A security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any other security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file. With Adobe Reader, the only thing preventing execution is a warning. Disabling JavaScript will not prevent this."

6 of 234 comments

  1. With Foxit Reader by wiredog · · Score: 5, Interesting

    There's no warning at all. It just runs.

  2. Re:Sad by sopssa · · Score: 5, Insightful

    But for once Adobe is actually more secure than the better alternative Foxit. Adobe PDF Reader at least warns and asks your permission to run the file, but Foxit does neither and just happily runs it. That fact made me uninstall Foxit for now at least.

  3. further proof D. Knuth was right by Anonymous Coward · · Score: 5, Insightful

    Who the hell thought it was a good idea to have dynamic content in a document description language?

    Notice you never hear about exploits-of-the-week like this for LaTeX!

    1. Re:further proof D. Knuth was right by TheRaven64 · · Score: 5, Insightful

      I can't decide if you're trying to be ironic, but there are no 'vulnerabilities' in LaTeX because the ability to interact with files and run arbitrary programs is part of the language. The reason LaTeX isn't often exploited is that it is very rare to run LaTeX programs from untrusted sources; you distribute the output from the program, not the program itself.

      On a slightly different topic, is there a competition going on in Adobe to see if the Flash or Acrobat teams can collect the most security advisories?

      --
      I am TheRaven on Soylent News
  4. Re:Clever social engineering... by T+Murphy · · Score: 5, Funny

    The guys at Adobe heard about oscilloscopes with hidden games on them, and Word's flight simulator, so they incorporated "features" so they could make an easter egg of their own. They never got around to that easter egg, so now lots of people are kindly lending them a hand at it.

  5. Re:Sad by Pentium100 · · Score: 5, Informative

    Also the first comment there says how you can hex edit the .exe to disable this "feature".

    If you can live without the /Launch functionality (I can!), edit the executable:

    - search for “^@Launch^@” (^@ == null byte, file offset 7040965 in 3.13.1030) in Foxit Reader.exe,

    - change it to e.g. “L!unch” (no quotes),

    - save AS BINARY,

    done.

    Comment by Thomas — Wednesday 31 March 2010 @ 12:20
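
A defender-side check for the /Launch action discussed in this thread, added here as an example (it is not code from the article, the researcher, or any commenter): it flags PDF data that contains a `/Launch` name token. It goes slightly beyond the thread by also decoding `#xx` name escapes and looking inside Flate-compressed streams, both of which the PDF format allows. The function names and the sample byte strings are assumptions constructed for the example.

```python
import re
import zlib

NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# /Launch as a complete name: the next byte must be whitespace, a delimiter, or end of data.
LAUNCH_NAME = re.compile(rb"/Launch(?![^\s\x00/<>\[\]()%{}])")
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so that /L#61unch compares equal to /Launch."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes):
    """Yield the contents of every stream that inflates as zlib/Flate data."""
    for m in STREAM.finditer(data):
        try:
            # decompressobj tolerates a trimmed or padded final byte.
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # uncompressed, or another filter; covered by the body scan


def find_launch_actions(data: bytes) -> list[str]:
    """Return where a /Launch token was seen: 'body' and/or 'stream N'."""
    hits = []
    if LAUNCH_NAME.search(normalize_names(data)):
        hits.append("body")
    for i, inflated in enumerate(inflate_streams(data)):
        if LAUNCH_NAME.search(normalize_names(inflated)):
            hits.append(f"stream {i}")
    return hits


# Constructed, non-functional fragments (not complete PDFs), used only as test input.
PLAIN = b"1 0 obj << /Type /Action /S /Launch >> endobj"
ESCAPED = b"1 0 obj << /Type /Action /S /L#61unch >> endobj"
PACKED = (b"2 0 obj << /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(PLAIN) + b"\nendstream endobj")
CLEAN = b"3 0 obj << /Type /Action /S /URI /LaunchPad 1 >> endobj"

if __name__ == "__main__":
    for label, sample in [("plain", PLAIN), ("escaped", ESCAPED),
                          ("packed", PACKED), ("clean", CLEAN)]:
        print(label, find_launch_actions(sample))
```

A hit means only that the token is present and the file deserves a closer look; encrypted documents and streams using filters other than Flate are not inspected by this sketch.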