With today's operating systems providing more security controls than ever, malicious hackers are turning to unpatched applications as a way to infiltrate users' systems. This week, a malicious PDF document that exploits security flaws in Adobe's popular Reader and Acrobat software, and in Internet Explorer on Windows XP and 2003, is making its way across the Internet, threatening to compromise PCs around the globe.
Adobe has actually fixed the flaw already and shipped a free update on Monday for users of the latest versions of its software. But many Adobe customers don't regularly update their software--or, in millions of cases, don't even remember the software is on their PCs. And Adobe has yet to ship an update for older versions of Reader and Acrobat. All of those users are still at risk.
But Adobe isn't completely to blame. The attack also takes advantage of a mailto: flaw in the IE 7 version for Windows XP and 2003 to mass-mail the malicious document as an email attachment. The document typically has a name like YOUR_BILL.pdf or INVOICE.pdf, and launches a Trojan horse called Pidief.a when the document is opened. This Trojan shuts down the PC's firewall and downloads other malware directly to the PC, compromising the machine and putting it under the control of remote hackers.
While Microsoft plans an IE patch and Adobe has pledged to update earlier Reader and Acrobat versions, a little common sense will go a long ways towards combating this problem. As is always the case, users are cautioned against opening unexpected email attachments from unknown senders. And systems administrators are advised to temporarily block the delivery of PDF files via email attachment.
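The advice to block PDF attachments at the mail gateway is only useful if the block keys on what the file is, not just what it is called. The following is an added example, not code from the article or from any vendor mentioned in it: it parses a message with Python's standard email library and flags an attachment as a PDF by extension, by declared MIME type, or by the `%PDF-` header in its content, so a renamed file still matches. The sample messages, addresses and the minimal PDF-looking bytes are constructed here; the `should_quarantine` policy and the 1024-byte header window are assumptions, not the article's.

```python
"""Attachment-blocking check for a mail gateway (added example).

Flags PDF attachments by content as well as by name, so that the
temporary "block PDFs in email" policy is not bypassed by renaming
the file. All sample data below is constructed for the example.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

PDF_MAGIC = b"%PDF-"
HEADER_WINDOW = 1024  # assumption: some writers prepend junk before the header


def is_pdf(data: bytes) -> bool:
    """True if the PDF header appears near the start of the bytes."""
    return PDF_MAGIC in data[:HEADER_WINDOW]


def find_pdf_attachments(raw: bytes) -> list:
    """Return (filename, reasons) for each attachment that looks like a PDF.

    reasons is a list drawn from 'extension', 'mime-type' and 'content',
    so the caller can see whether the file name and the bytes disagree.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() != "attachment":
            continue
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().endswith(".pdf"):
            reasons.append("extension")
        if part.get_content_type() == "application/pdf":
            reasons.append("mime-type")
        if is_pdf(payload):
            reasons.append("content")
        if reasons:
            findings.append((name, reasons))
    return findings


def should_quarantine(raw: bytes) -> bool:
    """Assumed policy: any PDF attachment, however labelled, is held."""
    return bool(find_pdf_attachments(raw))


def build_sample(filename: str, data: bytes, mime=("application", "octet-stream")) -> bytes:
    """Construct a one-attachment message for testing the check."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"   # constructed address
    msg["To"] = "user@example.invalid"        # constructed address
    msg["Subject"] = "Your bill"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(data, maintype=mime[0], subtype=mime[1], filename=filename)
    return msg.as_bytes()


# Constructed bytes that carry a PDF header; not a real document.
FAKE_PDF = b"%PDF-1.4\n%constructed sample, not a real document\n%%EOF\n"

SAMPLE_NAMED = build_sample("INVOICE.pdf", FAKE_PDF, ("application", "pdf"))
SAMPLE_RENAMED = build_sample("invoice.txt", FAKE_PDF, ("text", "plain"))
SAMPLE_CLEAN = build_sample("notes.txt", b"just text\n", ("text", "plain"))

if __name__ == "__main__":
    for label, sample in (("named", SAMPLE_NAMED), ("renamed", SAMPLE_RENAMED), ("clean", SAMPLE_CLEAN)):
        print(label, find_pdf_attachments(sample), "quarantine:", should_quarantine(sample))
```

The renamed sample is the case that matters: its name and MIME type say text, but the content check still catches it, which is why a gateway rule should inspect the bytes rather than trust the extension alone.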
Reader Comments
And again, Vista users are not affected. As usual. In fact, I can't think of one virus that has been able to bypass UAC and gain elevated permissions on its own, unlike another OS which is riddled with security vulnerabilities. Once the majority of users run Vista, I wouldn't be surprised if malware writers start attacking easier targets...
NateB2 -October 24, 2007
Vista users are affected if they mindlessly click "Continue" or "Allow" to all of UAC's prompts. Like Paul said, "a little common sense will go a long ways".
MozillaGen -October 24, 2007
If a _document_ file asks you for elevated privileges and you give them, you deserve what you are going to get. At this point, even though Adobe needs to fix this, the blind "Allow" clicking is the same as leaving your home unlocked when you leave, if you keep doing it, something bad is going to happen.
I do appreciate Vista having Allow/Deny instead of "Password: ______". Sure the prompt for pw does not allow blind operation, so it is safer, but I am not running a DoD computer either, so I feel it is unnecessary. I don't feel the need to have padlocks on my refrigerator. I can also appreciate Linux's attempts with sudo having a 'timer' so that a process can run elevated privileges for X minutes before requiring a prompt again... but at times that can become troublesome as well.
Once XP gets antiquated, it will be nice to see these problems placed on the back burner, and out of the news front. Normally, user action attacks like opening a file don't garner much attention, but I think even the more educated users assume-safe for document files; this is where OS intervention is a necessity, and one of the rare strong points of the Unix/Linux derivatives in the previous generation home-use operating systems.
Sadly, the power given by XP is just too far beyond the information curve for general users, and we need a parachute for those clever moments malicious individuals have. Maybe Win7 will attempt to use profiling to analyze process behavior and ease the need for user notification... i.e. most of these malicious programs malform normal tasks to perform abnormal behavior, the OS can observe this, and on prior history make its own decision. A simplified example being, acroreader.exe has been executed XXXX times and requested protected execution mode 0 times, disallow protected mode for this process. At this point the OS can simply warn the user (with a custom message instead of canned) in a more meaningful way.
will84 -October 24, 2007
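The heuristic sketched in the comment above (a program that has run many times and never asked for elevation is treated as suspect the first time it does) can be written down concretely. The block below is an added example, not code from the article, the commenter, or any operating system; the event kinds, the 100-run history threshold and the event stream are all assumptions constructed for the example. One design choice worth noting: only elevation requests the user actually approved feed the baseline, so a blocked attempt cannot make the next attempt look routine.

```python
"""Process-history heuristic for elevation requests (added example).

Implements the commenter's sketch: keep per-image counts of launches
and approved elevations, and block-and-warn when a well-known image
asks for elevated rights for the first time. Thresholds and the
event stream are constructed assumptions.
"""
from collections import defaultdict

MIN_HISTORY = 100  # assumption: launches needed before "never elevates" is trusted


class ElevationProfiler:
    """Per-image history of launches and *approved* elevation requests."""

    def __init__(self, min_history: int = MIN_HISTORY):
        self.min_history = min_history
        self.runs = defaultdict(int)
        self.granted = defaultdict(int)

    def record_exec(self, image: str) -> None:
        self.runs[image] += 1

    def record_granted(self, image: str) -> None:
        """Only approved requests feed the baseline; denied ones do not."""
        self.granted[image] += 1

    def decide(self, image: str) -> tuple:
        """Return (verdict, message) for an elevation request by `image`.

        verdict is 'deny' (block and show a tailored warning) or 'prompt'
        (fall back to the ordinary consent dialog).
        """
        runs, prior = self.runs[image], self.granted[image]
        if runs >= self.min_history and prior == 0:
            return ("deny",
                    f"{image} has been run {runs} times and never needed elevated rights "
                    f"before. This request was blocked; if you expected it, start the "
                    f"program yourself and approve it.")
        if runs < self.min_history:
            return ("prompt",
                    f"{image} has little history ({runs} runs); please confirm this request.")
        return ("prompt",
                f"{image} has been granted elevation {prior} times before; please confirm.")


def replay(events) -> list:
    """Feed a constructed event stream through the profiler.

    events: list of (kind, image) with kind in {'exec', 'elevate', 'granted'}.
    Returns (image, verdict) for each 'elevate' event, in order.
    """
    profiler = ElevationProfiler()
    verdicts = []
    for kind, image in events:
        if kind == "exec":
            profiler.record_exec(image)
        elif kind == "elevate":
            verdict, _message = profiler.decide(image)
            verdicts.append((image, verdict))
        elif kind == "granted":
            profiler.record_granted(image)
        else:
            raise ValueError(f"unknown event kind: {kind}")
    return verdicts


# Constructed stream: a reader launched 150 times that suddenly asks for
# elevation, then a setup tool with no history, then the reader again.
SAMPLE_EVENTS = (
    [("exec", "acroreader.exe")] * 150
    + [("elevate", "acroreader.exe")]
    + [("exec", "setup.exe"), ("elevate", "setup.exe"), ("granted", "setup.exe")]
    + [("elevate", "acroreader.exe")]
)

if __name__ == "__main__":
    for image, verdict in replay(SAMPLE_EVENTS):
        print(image, verdict)
```

The second request from the reader is still denied because the first one was never approved; a profiler that counted the request itself would have let the second attempt through as "seen before".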
" And systems administrators are advised to temporarily block the delivery of PDF files via email attachment."
Or just use Firefox and avoid all IE-related problems.
lotsamystuff -October 24, 2007
"Or just use Firefox and avoid all IE-related problems."
Are you implying that using Adobe Reader 8 and Thunderbird would make the user impervious to this attack? From my understanding, simply opening any 'dirty' PDF file will activate the attack, regardless of installed internet browsers. The IE exploit simply makes the attack more contagious.
will84 -October 24, 2007
@lotsa - "Or just use Firefox and avoid all IE-related problems."
Typical uneducated FUD.
@will - great commentary. I think that you said it all!!!
--tayme
tayme -October 24, 2007
"Or just use Firefox and avoid all IE-related problems."
Or just use Vista, which the vulnerability does not affect.
Dipsh t Admin -October 24, 2007
"Or just use Firefox and avoid all IE-related problems."
or just don't use Adobe PDF parsers and all your troubles with Adobe's programming incompetence go out the window....er....well, if you toss that Mac out with it too....
XP
Waethorn -October 24, 2007
@lotsatrollinginvain - "Or just use Firefox and avoid all IE-related problems."
I'm sure you think Facebook sucks now, right?
shark47 -October 24, 2007
Facebook has always sucked.
RunTimeError -October 25, 2007
"Or just use Vista, which the vulnerability does not affect."
Or Mac OSX for that matter.
--------
"I'm sure you think Facebook sucks now, right?"
As far as the leading social networking sites go, Facebook isn't that bad (of course, that's faint praise--like being the "best dressed woman in Latvia"). Fortunately, Microsoft's investment is probably small enough that it won't give them enough influence to substantially screw it up.
lotsamystuff -October 25, 2007
@"lotsamystuff" -
"Or Mac OSX for that matter."
"Fortunately, Microsoft's investment is probably small enough that it won't give them enough influence to substantially screw it up."
More trolling from our favorite anti-MS shill. Go away...you bug me kid!
--tayme