Welcome to WebmasterWorld Guest from 34.239.158.107

Forum Moderators: phranque

Message Too Old, No Replies

PDF Files, Again, Used To Deliver Maicious Code

     
11:19 am on Oct 27, 2007 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26247
votes: 999


Emails containing malicious PDF files have been putting computers at risk since Friday, Finnish security software firm F-Secure said on Saturday.

"The emails sent in bulk looked like credit card statements, and contained an attachment called 'report.pdf'," its chief research officer Mikko Hypponen said in a statement.

PDF Files, Again, Used To Deliver Maicious Code [uk.reuters.com]

Once again, we see this problem arising.

Please check you have the latest PDF reader to help combat security loopholes.

2:07 pm on Oct 27, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 16, 2002
posts: 2010
votes: 0


I got tired about worrying if Adobe was disclosing all know issues in the first place and/or upgrading all the time - so I tried switching to the hyped "Foxit" reader (free version) and it does seem to work well. It's very small & fast actually. Reminds me of old Acrobat Reader 4.0
5:37 pm on Oct 27, 2007 (gmt 0)

Moderator from US 

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2000
posts:12339
votes: 400


Apparently, the underlying problem is in Windows, and Microsoft has acknowledged it.

Microsoft Circles Wagons Over Windows Security Threat [crn.com]

Microsoft is sounding the alarm over exploits that appeared this week for an unpatched bug in Windows, warning customers that third party patches don't address the underlying vulnerability....

....Windows users who have applied the patches that Adobe issued earlier this week for Acrobat and Reader are protected from that particular exploit. But because the flaw affects a core part of Windows known as the ShellExecute function, "these third party updates do not resolve the vulnerability -- they just close an attack vector," Sisk wrote.