[OPLIN 4cast] OPLIN 4Cast #214: PDF malware
Editor
editor at oplin.org
Wed Jan 26 10:38:24 EST 2011
January 26th, 2011
These
days, when you click to download a PDF file from the web or
your e-mail, your computer may well ask, "Are you really
sure??" That happens because PDF files have been getting
more and more dangerous as they become more and more
popular as carriers of malicious software. It used to be
that common executable (.exe) files were the carriers of
choice for computer malware, but most e-mail software now
blocks those. Lately, Portable Document Format has been on
the rise as a delivery vehicle for malware. But since PDF is
not a programming language, but rather a file format
specifying how to render a page, how do you get it to do
malicious things to a computer? The answer is to exploit
weaknesses in the software (like Adobe Acrobat Reader) that
processes the PDF file; the PDF file itself doesn't do
anything but deliver the exploit.
* The rise of PDF malware
<http://www.symantec.com/connect/blogs/rise-pdf-malware>
(Symantec Connect/Fred Gutierrez) "We have seen an
ever increasing use of PDFs for malicious purposes
over the past two years. During this time, we have
tracked the growth and usage and have been constantly
improving our detections to handle the different
evolutions of these threats. We see new
vulnerabilities related to PDF readers discovered on a
regular basis, often being exploited in-the-wild
before a patch is available."
* Adobe patches under-attack Reader bug
<http://www.computerworld.com/s/article/9196818/Adobe_patches_under_attack_Reader_bug>
(Computerworld/Gregg Keizer) "The more notable flaw
fixed in Reader 9.4.1 for Windows and Mac OS X was a
bug that hackers have been leveraging since late
October using malicious PDF documents. Those attacks
have taken advantage of a flaw in Reader's 'authplay'
component. Authplay is the interpreter that renders
Flash content embedded within PDF files. Successful
attacks have dropped a Trojan horse and other malware
on victimized Windows PCs."
* OMG WTF PDF
<http://events.ccc.de/congress/2010/Fahrplan/events/4221.en.html>:
What you didn't know about Acrobat (27th Chaos
Communication Congress/Julia Wolf) "PDFs are currently
the greatest vector for drive-by (malware installing)
attacks and targeted attacks on business and
government. A/V [antivirus] technology is
extraordinarily poor at detecting these."
* danger lurks in PDF documents
<http://www.h-online.com/security/news/item/27C3-danger-lurks-in-PDF-documents-Update-1162166.html>
(The H Security/Stefan Krempl) "According to Wolf,
however, the PDF standard has long had too many
functions that can be exploited to launch attacks and
wreak other havoc. These functions range from database
connections without security features to options that
can blindly trigger the execution of arbitrary
programs in Acrobat Reader. The researcher said that
other risks are generated through the support of
inherently insecure script languages such as
JavaScript, formats such as XML, RFID tags and digital
rights management (DRM) technologies."
*/Common sense fact:/*
Developers of PDF reader software are constantly changing
their software to combat vulnerabilities. The wise computer
user keeps her/his software up to date.
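
A defender's quick check for the features named in the articles above (embedded JavaScript, actions that start programs, embedded Flash), as an added example that is not part of the original newsletter: it counts the corresponding PDF name tokens in a file's raw bytes. The token list, the function names and the sample bytes are this example's own choices.

```python
import re

# PDF name tokens for the features the quoted articles call out.
# This token list is the example's own choice, not taken from the newsletter.
RISKY_NAMES = {
    "JavaScript": "embedded JavaScript",
    "JS": "embedded JavaScript",
    "Launch": "action that starts an external program",
    "OpenAction": "action run automatically when the file opens",
    "AA": "additional automatic actions",
    "RichMedia": "embedded Flash / rich media",
    "EmbeddedFile": "file attached inside the PDF",
}
NAME_RE = re.compile(rb"/([^\s/<>\[\]()%{}]+)")   # a PDF name: "/" then regular chars
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")        # "#xx" escape allowed inside names


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so /J#61vaScript is counted as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky name tokens in raw PDF bytes.

    Limitation: names inside compressed streams are not visible here, so an
    empty result means "nothing found in the clear", not "safe".
    """
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF- header in the first 1024 bytes")
    counts = {}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(1))
        if name in RISKY_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample inputs (not real documents).
SUSPICIOUS = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
              b"3 0 obj << /S /J#61vaScript /JS 4 0 R >> endobj\n%%EOF\n")
PLAIN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("plain", PLAIN)):
        hits = triage_pdf(blob)
        for name, n in sorted(hits.items()):
            print(f"{label}: /{name} x{n} ({RISKY_NAMES[name]})")
        if not hits:
            print(f"{label}: no risky names found in the clear")
```

A hit is a reason to open the file only in a patched, sandboxed reader or to hand it to a fuller scanner; it is not proof of malware.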
------------------------------------------------------------
The */OPLIN 4cast/* is a weekly compilation of recent
headlines, topics, and trends that could impact public
libraries. You can subscribe to it in a variety of ways,
such as:
* *RSS feed.* You can receive the OPLIN 4cast via RSS
feed by subscribing to the following URL:
http://www.oplin.org/4cast/index.php/?feed=rss2.
* *Live Bookmark.* If you're using the Firefox web
browser, you can go to the 4cast website
(http://www.oplin.org/4cast/) and click on the orange
"radio wave" icon on the right side of the address
bar. In Internet Explorer 7, click on the same icon to
view or subscribe to the 4cast RSS feed.
* *E-mail.* You can have the OPLIN 4cast delivered via
e-mail (à la OPLINlist and OPLINtech) by subscribing
to the 4cast mailing list at
http://mail.oplin.org/mailman/listinfo/OPLIN4cast.