Friday, May 14, 2010

PDF Exploits and Ways to Mitigate

PDF exploits are on the rise and are expected to increase rapidly in 2010 [1]. Zeus malware has been detected exploiting a flaw in PDF documents. Zeus was first detected in 2007, and the goal of the attack is to steal login information, mainly banking information. In the past, attacks primarily targeted operating systems, but they now target the applications that run on those operating systems.
The recipient receives the attack as a PDF document attached to an e-mail. When the recipient opens the attachment, the document, which contains an executable file, asks the recipient where to save the file.

Figure 1. Saving Adobe document

ZDNet's security blog stated [2], "This could be somewhat confusing to users, and not really knowing what is happening, they may just click save."

Adobe is considering releasing a patch for this design flaw, but in the meantime it suggests that users uncheck the box that allows PDF documents to open external applications. The steps for unchecking the box are as follows:

Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”.

Figure 2. Unchecking box in Adobe preferences

In short, do not extract files after opening a PDF document unless the file is from a trusted source.
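A mail gateway or analyst can look for an attached executable before a user ever reaches the save dialog. The following Python triage check is an added example, not from the original post: it scans raw PDF bytes for the PDF specification's attachment and launch name objects and flags attachments with executable extensions. The function names, the extension list and the sample bytes are assumptions constructed for illustration.

```python
import re

# Name objects defined by the PDF specification for attached files and for
# actions that hand content to an external application.
MARKERS = ("EmbeddedFile", "EmbeddedFiles", "Filespec", "Launch", "OpenAction")
# Assumption: extensions this example treats as executable; tune per policy.
RISKY_EXTENSIONS = (".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".vbs")

NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Literal-string file names stored under /F or /UF in a file specification.
FILENAME_RE = re.compile(rb"/U?F\s*\(([^)]*)\)")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, which PDF permits inside names (e.g. /L#61unch)."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count attachment/launch markers and list executable attachment names.

    Limitation: names inside compressed object streams are not visible to a
    raw byte scan; a clean result here does not prove the file is safe.
    """
    counts = dict.fromkeys(MARKERS, 0)
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    names = [m.group(1).decode("latin-1") for m in FILENAME_RE.finditer(data)]
    risky = [n for n in names if n.lower().endswith(RISKY_EXTENSIONS)]
    hold = bool(risky) or counts["Launch"] > 0
    return {"counts": counts, "risky_files": risky, "hold_for_review": hold}


# Constructed sample: a skeletal, non-functional PDF fragment with no payload.
SAMPLE_PDF = (
    b"%PDF-1.6\n"
    b"1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> >> endobj\n"
    b"3 0 obj << /Type /Filespec /F (statement.exe) /EF << /F 4 0 R >> >> endobj\n"
    b"4 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n"
    b"5 0 obj << /S /L#61unch /F 3 0 R >> endobj\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_PDF))
```

Legitimate PDFs also carry attachments, so a hit is a reason to hold the message for review rather than a verdict.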

  1. PDF exploits explode, continue climb in 2010
  2. Embedded PDF executable hack goes live in Zeus malware attacks
  3. Figures credited to security blog, Zero Day, from ZDNet

1 comment:

  1. Thanks for this information! I didn't realize how dangerous PDF files can be. Very helpful!