84 Comments
- toastgodsupreme, on 10/29/2007, -3/+37 Common sense > viruses.
Too bad they haven't found a way to provide that to users. For people so afraid of computers, it's amazing how many of them just randomly click on *****.
- voetsjoeba, on 10/29/2007, -1/+19 It is (or should be) common knowledge to not open any damn attachments in e-mails you're not expecting or don't know who sent them to you!
- nullx42, on 10/29/2007, -3/+18 ***** Yeah! Foxit!
- trogdoor, on 10/29/2007, -1/+15 Since when is it "common sense" that a static document should be able to execute code? It's common knowledge if you are a techie, but it makes no sense at all.
- luchid, on 10/29/2007, -0/+14 Uninstall that POS Acrobat Reader and use Foxit reader... Opens in less than two seconds, tiny footprint, and overall AWESOME.
- cephelo, on 10/29/2007, -0/+12 This is a new, or relatively new, attack. This is not your typical PDF spam. The PDFs contain executable code that installs a virus (nasty ones) on your computer. The vulnerability isn't PDF itself, it's the way Windows handles files. The Adobe update is a workaround until Microsoft patches the problem (in November).
Administrators using Postfix can easily fix this. In main.cf, add:
mime_header_checks = regexp:/usr/local/etc/postfix/checks
in /usr/local/etc/postfix/checks (adjust paths for your system as needed):
/name=[^>]*report\.pdf/ REJECT
/name=[^>]*debt\.2007\.pdf/ REJECT
/name=[^>]*overdraft\.[0-9]+\.[0-9]+\.[0-9]+\.pdf/ REJECT
The current runs are all using those 3 PDF names. You can easily tailor it to block all PDFs if desired.
- dacheetah, on 10/29/2007, -0/+11 Yeah, but it almost certainly exploits a hole in ADOBE's Reader. Thus using foxit, there is a very good chance that you are immune to this particular exploit, and as such, immune to the virus. Same way that using Mozilla apps to surf and email makes you immune to most of the stuff targeting Microsoft's MSIE and Outlook, except that they have become popular enough to get their own viruses.
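Added example, not part of any comment in this thread: a small Python harness for trying the three mime_header_checks rules from cephelo's comment against MIME headers before deploying them. The digit runs are written as [0-9]+ with the dots escaped, the sample headers are constructed, and Python's re module stands in for Postfix's regexp table matcher, which is an approximation.

```python
import re

# Rules from the comment above; digit runs written as [0-9]+, dots escaped.
CHECKS = r"""
/name=[^>]*report\.pdf/ REJECT
/name=[^>]*debt\.2007\.pdf/ REJECT
/name=[^>]*overdraft\.[0-9]+\.[0-9]+\.[0-9]+\.pdf/ REJECT
"""

# Constructed MIME headers (not taken from real mail).
SAMPLES = [
    'Content-Type: application/pdf; name="report.pdf"',
    'Content-Disposition: attachment; filename="overdraft.2007.10.26.pdf"',
    'Content-Type: application/pdf; name="DEBT.2007.PDF"',
    'Content-Type: application/pdf; name="invoice.pdf"',
    'Content-Type: application/pdf; name="annual-report.pdf"',
]

def load_checks(text):
    """Parse '/pattern/ ACTION' lines into (compiled_regex, action) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/\s+(\S+)", line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        # Postfix regexp tables match case-insensitively by default.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def check_header(rules, header):
    """Return the action of the first matching rule, or None if none match."""
    for rx, action in rules:
        if rx.search(header):
            return action
    return None

def evaluate(samples=SAMPLES, checks=CHECKS):
    """Run every sample header through the rules, in table order."""
    rules = load_checks(checks)
    return [(h, check_header(rules, h)) for h in samples]

if __name__ == "__main__":
    for header, action in evaluate():
        print(f"{action or 'pass':6}  {header}")
```

The last sample shows the first rule also rejecting an unrelated attachment whose name merely ends in report.pdf, and the second shows that name= also matches inside filename=. On a live system, postmap -q with the header as the key runs the lookup against the actual table.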
- xdevit, on 10/31/2007, -1/+11 "E-mails containing malicious PDF files have been putting computers at risk since Friday, Finnish security software firm F-Secure said on Saturday."
Friday of what... last year?
Seriously this has been going on for over a year now.
- inactive, on 10/29/2007, -0/+10 I just want to know what rock the F-Secure idiots have been living under.
Since last Friday? I've been getting these damned things for MONTHS at my work email.
- HonoredMule, on 10/29/2007, -0/+9 venerability
ven·er·a·ble, adj.
1. Commanding respect by virtue of age, dignity, character, or position.
2. Worthy of reverence, especially by religious or historical association: venerable relics.
I rather think a program venerability should be in the "commendation" section.
- SuperSloth, on 10/29/2007, -0/+8 Foxit was vulnerable to this vector, too, numbnuts.
- DrSpud, on 10/29/2007, -1/+8 Wow, there's a lot of hate for PDFs going on here. Understandable, but I think it's really just misplaced hate for the bloated Adobe Reader that loads slowly and takes over browser windows/tabs. At least you don't have to deal with that nonsense when you have KDE/Konqueror handling PDFs so seamlessly.
- ryodoan, on 10/29/2007, -0/+7 I second this motion. I have not used Acrobat reader since installing Foxit.
- inactive, on 10/29/2007, -11/+17 use foxit reader
- trogdoor, on 10/29/2007, -0/+6 It also should be common practice that data be kept strictly separate from executable code, also notice that I am talking about "common sense" I acknowledged that it was common knowledge. I understand that you have to be paranoid when opening any file you get, what I am saying is that you shouldn't have to be and it does not make "sense" that you do. Do you worry about junk (snail) mail punching you in the face? Text and pictures should not be able to execute code.
- jonshipman, on 10/29/2007, -0/+6 how else would anything be commercially printed?
- luteslinger, on 10/29/2007, -6/+11 I always thought a PDF ~was an attack on my computer. Seriously.
- drastik21, on 10/29/2007, -1/+5 Acrobat is an Adobe product not Microsoft
- inactive, on 10/29/2007, -1/+5 I think he meant common sense as in "don't open a random email with an attachment from someone you've never ***** heard of."
- HonoredMule, on 10/29/2007, -0/+4 ...I'm a 4th year bachelor's science student and PHP developer. I'm well aware of the underlying theory of formal language computability, but what you're discussing is completely irrelevant.
I'm talking about making code that's "run" (translates input to output) a second class citizen in any document format, kept completely separate from code that's interpreted as presentational markup (is just the input). The former kind of code should never have to be run just to display the document, nor should it be easy to trigger it through exploits (why low-level languages like c try to store code ahead of runtime data...so buffer overflows are less likely to overwrite memory locations that may get executed). As a perfect example of such terrible design, digg shouldn't be allowed to lockup my web browser as javascript builds the page to display. Turning off javascript should still show me a static content page, and if the web were still primarily a document format, such behavior occurring by default would be totally unacceptable. Malformed markup code can still provide openings against buggy software, but the OS itself can protect against that also (with the no-execute bit or OS-level memory protection).
Documents can't nearly as easily exploit the programs that read them and insert viruses if the program never actually executes anything in the document.
If you wish to [strikeout]flaunt[/strikeout] relate to your low-level knowledge, consider the 1's and 0's that won't execute on your CPU because they are being read from a memory location that has a "no-execute" bit set. The CPU can still run code from elsewhere that uses that data as input, but can't run the data itself. Similarly, programs like Adobe Reader shouldn't be "running" .pdf files, they should just be reading and displaying them, with any dynamic features off until initiated.
- Bamborzled, on 10/29/2007, -0/+3 "Adobe Reader Speed-Up"
You know that "Adobe Reader Speed-Up" just loads Adobe Reader when your system starts up?
- HonoredMule, on 10/29/2007, -0/+3 It makes sense to us, but consider how few people seem to comprehend a distinction between "markup" and "program" languages. I would that there were such a clear distinction, commonly understood and upheld by all popular implementations of any type of system.
Which isn't to say we can't have program code in markup code, but why on earth would anything default to executing program code in data formats that are markup-code-centric? Static documents that don't work well or have to execute embedded program code to achieve basic functionality only indicate really poorly designed systems. Furthermore, exceptions (like javascript in html) need super-paranoid sandboxing.
- HairyPoter, on 10/29/2007, -1/+4 let's rephrase the title from
"Report: PDF files used to attack computers"
to
"Report: PDF files used to attack WINDOWS computers"
- JNudda, on 10/29/2007, -0/+3 Since Friday? I've been getting junk emails with PDFs in them for months....
- marvinmatthew, on 10/29/2007, -4/+6 I think a program venerability would be best off in the 'security' section, no?
- stutimandal, on 10/29/2007, -2/+4 Why do people click on attachments from random senders? About four years ago this attachment method was used to send viral *.exe files. How come people still make that same mistake?
Those who are saying Foxit yeah, Adobe sucks etc .. try opening a file with sktb or skt fonts in Foxit. Only Adobe does justice to all (most) of the latex font-set.
- ubergeek09, on 10/29/2007, -3/+5 That's because Macs aren't computers, they are overpriced toys.
- Tenoq, on 10/29/2007, -0/+2 That was superb. Nothing wrong with spelling nazis if they have a sense of humour. :-)
- Hosalabad, on 10/28/2007, -0/+2 This is older than last Friday.
- DontGiveADamn, on 10/29/2007, -0/+2 Fox-it baby!
- HonoredMule, on 10/29/2007, -0/+2 Also, javascript in html isn't really an exception not only because it IS kept separate, but also because we have to accept at this point that the web is no longer markup-code-centric. It's a dynamic program environment. But the level of interactivity that results from this situation already tells people that clicking on a link isn't something that can be presumed safe.
I have to admit on my own account, that while I wouldn't open an unexpected or unpredictable pdf attachment, it would be only because I assume it's spam, and I wouldn't expect without warning that it could house a virus. After all, it's not like some crappy MS format that loves to embed vb script.
- meno911, on 10/28/2007, -0/+1 Is Adobe on Ubuntu Safe? ;)
- nullx42, on 10/29/2007, -0/+1 lol I think they have that too now.
- prthealien, on 10/28/2007, -0/+1 Just download the Acrobat alternative FoxIt
- inactive, on 10/29/2007, -1/+2 Sorry, but foxit was pretty weak last time I checked it.
- migvel, on 10/29/2007, -1/+2 *****! THAT PAGE EXISTS!! I HAD TO SHUT DOWN MY PC!!
- monikerd, on 10/29/2007, -0/+1 I do suggest you be very careful. There was this initial noise about this a few months ago, then silence, and now more and more public security pooha. Well that silence wasn't a silence that were malicious people being as quiet as possible about their new toys. Stealing identities near you.
Any employee will open a .pdf if it appears to be slightly related to their job. My advice would be not to act tough, and be paranoid about this problem. Keep corporate secrets secret, don't feed the identity thieves.
- inactive, on 10/29/2007, -1/+2 Your logic is amazing.
- TritonX, on 10/29/2007, -0/+1 Because only Microsoft's products are built in a way that this is possible. There is more interesting stuff in security than another Windows exploit.
- mclewell, on 10/28/2007, -0/+1 This is old news. Viruses have been sent in PDFs probably since they were created.
- ryodoan, on 10/29/2007, -1/+2 The problem is that everything, EVERYTHING, on a computer is represented by 1's and 0's, and the way a lot of viruses work is that they take something innocent like a PDF file, and then inject their 1's and 0's into the file, the computer will just be chugging through the information and get hijacked by the rogue code in the file.
If you are in college and can take an assembly language course and a Digital Systems course it will be boring as hell, but you will come out with a lot better understanding of how a computer can do what they do, and how easy it is for a knowledgeable person to hijack innocent files.
- awb49, on 10/29/2007, -1/+2 Venerability? If you mean vulnerability then say so in order to communicate. Thanks.
- EmperorAwesome, on 10/29/2007, -0/+1 ...but they decided to stop.
- JMellissa, on 10/29/2007, -0/+1 Gee, nothing is safe anymore.
- mentor972, on 10/29/2007, -3/+4 Good thing I have a Mac.
- AlmostEvil, on 10/29/2007, -0/+1 I'm having to be REALLY careful at work. I work at a print company, this means we send and receive LOADS of PDFs daily. I've so far patched up all machines but now that this exploit is out there will now be blackhats out there searching for more.
Adobe really isn't security focused, why would they be? MS has been gradually tightening up their apps, not massively but enough for *hats to look at apps other than web browsers and email clients. We'll be seeing this a lot more often. Exploits in Adobe Acrobat etc.
- czeman, on 10/28/2007, -0/+1 I've been receiving infected PDFs for at least a couple years. It just seems like it would be common sense not to open attachments from unknown senders, but I guess that's just me.
- billyfalconer, on 10/29/2007, -0/+0 Wrong. Get a Mac or Linux box.
- brettmjohnson, on 10/29/2007, -0/+0 From TFA:
"When such PDF files are viewed on vulnerable machines, they start downloading software from servers in Malaysia or Sweden..."
No definition of "vulnerable machines" is given. From the Adobe download site:
"This patch affects Windows XP SP2 with IE7 and Adobe Reader 7 through 8.1 and addresses the flaws cited in CVE-2007-5020."
As mentioned in another comment, good thing I use a Mac and Preview.app is my default PDF viewer.