The recipient receives the attack as an e-mail attachment containing a PDF document. When the recipient opens the attachment, the document, which has an executable file embedded in it, asks the recipient where to save the file.
Figure 1. Saving Adobe document
A security blog from ZDNet stated, "This could be somewhat confusing to users, and not really knowing what is happening, they may just click save."
Adobe is considering releasing a patch for this design flaw, but in the meantime it suggested that users uncheck a box that allows PDF documents to open external applications. The steps for unchecking the box are as follows:
Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”.
Figure 2. Unchecking box in Adobe preferences
In short, make sure that you are not extracting files after opening a PDF document unless the file is from a trusted source.
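A mail gateway or an analyst can also check a PDF for embedded attachments before anyone opens it. The following is an added example, not code from the original post or from Adobe; the function names, the extension list and the sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name tokens that indicate a file carried inside the document.
NAMES_OF_INTEREST = (b"/EmbeddedFile", b"/EmbeddedFiles", b"/Filespec")
# Assumed list of attachment extensions worth flagging; adjust to local policy.
RISKY_EXTENSIONS = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js")

_NAME = re.compile(rb"/[^\s()<>\[\]{}/%]+")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Literal-string file names in a file specification: /F (name) or /UF (name)
_FILE_NAME = re.compile(rb"/U?F\s*\(((?:\\.|[^\\)])*)\)")


def normalize_name(token: bytes) -> bytes:
    """Decode #xx escapes so /Embedded#46ile compares equal to /EmbeddedFile."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), token)


def triage_pdf(data: bytes) -> dict:
    """Report attachment markers found in the raw bytes of a PDF.

    Objects stored in compressed object streams are not visible to this
    byte-level scan, so a clean result does not prove the file is safe.
    """
    counts = {n.decode(): 0 for n in NAMES_OF_INTEREST}
    for token in _NAME.findall(data):
        name = normalize_name(token)
        if name in NAMES_OF_INTEREST:
            counts[name.decode()] += 1
    names = [m.decode("latin-1") for m in _FILE_NAME.findall(data)]
    risky = [n for n in names if n.lower().endswith(RISKY_EXTENSIONS)]
    return {"names": counts, "attachments": names, "risky_attachments": risky,
            "suspicious": bool(risky) or counts["/EmbeddedFile"] > 0}


# Constructed sample: PDF fragments, one with an attachment entry, one without.
SAMPLE_WITH_ATTACHMENT = (
    b"%PDF-1.6\n"
    b"1 0 obj\n<< /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> >>\nendobj\n"
    b"3 0 obj\n<< /Type /Filespec /F (invoice.exe) /EF << /F 4 0 R >> >>\nendobj\n"
    b"4 0 obj\n<< /Type /Embedded#46ile /Length 0 >>\nstream\n\nendstream\nendobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.6\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_WITH_ATTACHMENT))
    print(triage_pdf(SAMPLE_PLAIN))
```

Files flagged as suspicious can be quarantined or opened only in an isolated viewer with the attachment preference above disabled.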
- PDF exploits explode, continue climb in 2010
- Embedded PDF executable hack goes live in Zeus malware attacks
- Figures credited to security blog, Zero Day, from ZDNet