<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style></style>
<title>OPLIN 4Cast</title>
<style>
.headerTop { background-color:#FFFFFF; border-top:0px solid #000000; border-bottom:1px solid #FFFFFF; text-align:center; }
.adminText { font-size:16px; color:#0000FF; line-height:200%; font-family:verdana; text-decoration:none; }
.headerBar { background-color:#FFFFFF; border-top:0px solid #333333; border-bottom:0px solid #FFFFFF; }
.title { font-size:20px; font-weight:bold; color:#000000; font-family:arial; line-height:110%; }
.subTitle { font-size:11px; font-weight:normal; color:#000000; font-style:italic; font-family:arial; }
.defaultText { font-size:12px; color:#000000; line-height:150%; font-family:trebuchet ms; }
.footerRow { background-color:#FFFFCC; border-top:0px solid #FFFFFF; }
.footerText { font-size:10px; color:#996600; line-height:100%; font-family:verdana; }
a { color:#0000FF; color:#0000FF; color:#0000FF; }
</style>
<table class="backgroundTable" bgcolor="#ffffff" cellpadding="0"
cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" valign="top">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top: 0px solid rgb(0, 0, 0);
border-bottom: 1px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255); text-align:
center;" align="center"><span style="font-size:
10px; color: rgb(96, 96, 96); line-height: 200%;
font-family: verdana; text-decoration: none;">Email
not
displaying correctly? <a
href="http://www.oplin.org/4cast/"
style="font-size: 10px; color: rgb(0, 0, 255);
line-height: 200%; font-family: verdana;
text-decoration: none;">View
it in your browser.</a></span></td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(51, 51, 51);
border-bottom: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255);">
<center><a href=""><img id="editableImg1"
src="cid:part1.07020605.06080906@oplin.org"
title="OPLIN" alt="OPLIN 4Cast" align="middle"
border="0"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width: 763px; height: 877px;"
bgcolor="#ffffff" cellpadding="20" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 12px; color: rgb(0, 0, 0);
line-height: 150%; font-family: trebuchet ms;"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
bgcolor="#ffffff" valign="top">
<p><!-- Make sure you modify the 4Cast title in this section -->
<span style="font-size: 20px; font-weight: bold;
color: rgb(0, 0, 0); font-family: arial;
line-height: 110%;">OPLIN 4Cast #214: PDF
malware</span><br>
<!-- Make sure you modify the date of the 4Cast in this section -->
<span style="font-size: 11px; font-weight: normal;
color: rgb(102, 102, 102); font-style: italic;
font-family: arial;">January 26th, 2011</span></p>
<!-- Begin copy of Web Source here -->
<p style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.oplin.org/4cast/wp-content/uploads/2011/01/adobe_skull.png"><img
class="alignleft size-full wp-image-1645"
title="adobe_skull"
src="cid:part2.04000509.06020405@oplin.org"
alt="skull in Adobe logo" height="115"
width="115"></a>These days, when you click to
download a PDF file from the web or your e-mail,
your computer may well ask, "Are you really
sure??" That happens because PDF files have been
getting more and more dangerous lately as they
become more and more popular as carriers of
malicious software. It used to be that common
executable (.exe) files were the carriers of
choice for computer malware, but most e-mail
software now blocks those. Lately, Portable
Document Format has been on the rise as a delivery
vehicle for malware. But since PDF is not a
programming language, rather a file specifying how
to render a page, how do you get it to do
malicious things to a computer? The answer is to
exploit weaknesses in the software (like Adobe
Acrobat Reader) that processes the PDF file; the
PDF file itself doesn't do anything but deliver
the exploit. </p>
<div> </div>
<ul style="text-align: left;">
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.symantec.com/connect/blogs/rise-pdf-malware">The
rise of PDF malware</a> (Symantec Connect/Fred
Gutierrez) "We have seen an ever increasing use
of PDFs for malicious purposes over the past two
years. During this time, we have tracked the
growth and usage and have been constantly
improving our detections to handle the different
evolutions of these threats. We see new
vulnerabilities related to PDF readers
discovered on a regular basis, often being
exploited in-the-wild before a patch is
available."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.computerworld.com/s/article/9196818/Adobe_patches_under_attack_Reader_bug">Adobe
patches under-attack Reader bug</a>
(Computerworld/Gregg Keizer) "The more notable
flaw fixed in Reader 9.4.1 for Windows and Mac
OS X was a bug that hackers have been leveraging
since late October using malicious PDF
documents. Those attacks have taken advantage of
a flaw in Reader's 'authplay' component.
Authplay is the interpreter that renders Flash
content embedded within PDF files. Successful
attacks have dropped a Trojan horse and other
malware on victimized Windows PCs."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://events.ccc.de/congress/2010/Fahrplan/events/4221.en.html">OMG
WTF PDF</a>: What you didn't know about
Acrobat (27th Chaos Communication Congress/Julia
Wolf) "PDFs are currently the greatest vector
for drive-by (malware installing) attacks and
targeted attacks on business and government. A/V
[antivirus] technology is extraordinarily poor
at detecting these."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.h-online.com/security/news/item/27C3-danger-lurks-in-PDF-documents-Update-1162166.html">danger
lurks in PDF documents</a> (The H
Security/Stefan Krempl) "According to Wolf,
however, the PDF standard has long had too many
functions that can be exploited to launch
attacks and wreak other havoc. These functions
range from database connections without security
features to options that can blindly trigger the
execution of arbitrary programs in Acrobat
Reader. The researcher said that other risks are
generated through the support of inherently
insecure script languages such as JavaScript,
formats such as XML, RFID tags and digital
rights management (DRM) technologies."</li>
</ul>
<div style="text-align: left;"> </div>
<p style="text-align: left; font-size: 20px;
font-family: arial; line-height: 110%;"><small><strong><em>Common
sense fact:</em></strong></small><br>
</p>
<div style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;">Developers
of PDF reader software are constantly changing
their software to combat vulnerabilities. The wise
computer user keeps her/his software up to date. </div>
<div style="text-align: left;"> </div>
<!-- End paste of web source here --> </td>
</tr>
<tr>
<td style="" solid="" background-color:="" rgb(255,=""
255,="" 255);="" >=""
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
valign="top" width="760"><span style="font-size:
10px; color: rgb(96, 96, 96); line-height: 100%;
font-family: verdana;">
<hr><!-- Begin standard subscription verbiage -->
<div style="text-align: justify;">The <strong><em>OPLIN
4cast</em></strong>
is a weekly compilation of
recent headlines, topics, and trends that could
impact public
libraries. You can subscribe to it in a variety
of ways, such as: <br>
</div>
<div style="text-align: left;"> </div>
<ul>
<li style="text-align: justify;"><strong>RSS
feed.</strong>
You
can receive the OPLIN 4cast
via RSS feed by subscribing to the following
URL:
<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/index.php/?feed=rss2">http://www.oplin.org/4cast/index.php/?feed=rss2</a>.
</li>
<li style="text-align: justify;"><strong>Live
Bookmark.</strong>
If you're using the Firefox
web browser, you can go to the 4cast website
(<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/">http://www.oplin.org/4cast/</a>) and click on the
orange "radio wave" icon
on the right side of the address bar. In
Internet Explorer 7, click on
the same icon to view or subscribe to the
4cast RSS feed. </li>
<li style="text-align: justify;"><strong>E-mail.</strong>
You
can have the OPLIN 4cast
delivered via e-mail (a'la OPLINlist and
OPLINtech) by subscribing to
the 4cast mailing list at
<a class="moz-txt-link-freetext" href="http://mail.oplin.org/mailman/listinfo/OPLIN4cast">http://mail.oplin.org/mailman/listinfo/OPLIN4cast</a>.
</li>
</ul>
</span> </td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 204);"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickfooter.jpg"
valign="top" width="760"> <br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body>
</html>