PDF-related issue
May 24, 2010 11:38:51 GMT
Post by CharlieChomper on May 24, 2010 11:38:51 GMT
I'm sorry for not posting more news here lately--I've just been very, very busy on top of dealing with some personal matters which have further left me feeling drained.
This is actually an old problem--one that Adobe (amongst others who make PDF reader software) has/have been aware of for years now. It also largely remains unresolved or else has sometimes been ignored or given a very low priority treatment (or just has not been taken very seriously)--this is despite years of warnings and complaints involving it (and the lack of action).
However, it's a problem that's now crept into the number two spot of most common security problems/exploits in use by malware makers (behind IE-related exploits, which has held the number one spot for almost as long as it's been around)--it's also an issue that sadly not too many people are aware of (probably going back to the problem involving Adobe and others who release software to read PDFs...).
The issue in question is what is known as "poisoning" PDFs with malware (usually in the form of containing a link inside the PDF that points to a webpage that contains the malware or by embedding something within the PDF, itself)--as sometimes, the malware writers will insert these "poisoned pdfs" onto a legitimate website so the user has no idea of the issue involved, unless they receive a pop-up of some sort asking them if they want to visit a link (which may even appear legitimate or to a familiar site), which is how they become infected by it (there are a number of different variations of the pop-up, as some may say things such as telling you if you open it, supposedly it will never prompt you again and then introduces the malware).
Adobe, as they're the largest in the PDF market, spent years behaving as the proverbial ostrich in the sand regarding this problem (common tactic, sadly, amongst other companies in the tech industry--they think if they ignore the problem, it somehow will just go away (this usually seems to apply to security problems or issues more often than not, but it has applied to other situations as well) or they think that somehow the maliciously-minded somehow won't catch onto it and downplay it. Unfortunately, as history has proven all too often what happens more often than not is that it's sometimes not until it actually becomes a viable threat that companies (or even some projects not run by companies) will actually do something about it).
The security groups had tried warning them of this threat for years (the same as they did with all other known makers of PDF software). Most refused to take it that seriously or considered it a very low-level risk at best and therefore chose not to do anything about it.
It has only been within the past few years, when news of the fact that that "low level threat" was now a reality and posed a serious risk that suddenly everyone started trying to look for some form of workaround to reduce that risk (although, it still remains vulnerable--there is not a permanent "fix" for it).
What makes it news, though, is that while many anti-virus companies have finally taken to scanning for malware in PDFs and the makers of PDF software have taken some steps to try and lessen the impact (which, many users may not be aware of), the malware writers have come up with a new method of dealing with it.
A temporary workaround (at least, until more permanent fixes are issued--Adobe has been said to be working on shoring up security on the file format, but it remains to be seen as to when that may be released) may depend upon what reader you're using. If it's Acrobat (depending upon what version), you have the option to de-select the allowance of opening non-PDF attachments with external applications while some alternative programs may have a "safe mode" to view documents.
This is actually an old problem--one that Adobe (amongst others who make PDF reader software) has/have been aware of for years now. It also largely remains unresolved or else has sometimes been ignored or given a very low priority treatment (or just has not been taken very seriously)--this is despite years of warnings and complaints involving it (and the lack of action).
However, it's a problem that's now crept into the number two spot of most common security problems/exploits in use by malware makers (behind IE-related exploits, which has held the number one spot for almost as long as it's been around)--it's also an issue that sadly not too many people are aware of (probably going back to the problem involving Adobe and others who release software to read PDFs...).
The issue in question is what is known as "poisoning" PDFs with malware (usually in the form of containing a link inside the PDF that points to a webpage that contains the malware or by embedding something within the PDF, itself)--as sometimes, the malware writers will insert these "poisoned pdfs" onto a legitimate website so the user has no idea of the issue involved, unless they receive a pop-up of some sort asking them if they want to visit a link (which may even appear legitimate or to a familiar site), which is how they become infected by it (there are a number of different variations of the pop-up, as some may say things such as telling you if you open it, supposedly it will never prompt you again and then introduces the malware).
Adobe, as they're the largest in the PDF market, spent years behaving as the proverbial ostrich in the sand regarding this problem (common tactic, sadly, amongst other companies in the tech industry--they think if they ignore the problem, it somehow will just go away (this usually seems to apply to security problems or issues more often than not, but it has applied to other situations as well) or they think that somehow the maliciously-minded somehow won't catch onto it and downplay it. Unfortunately, as history has proven all too often what happens more often than not is that it's sometimes not until it actually becomes a viable threat that companies (or even some projects not run by companies) will actually do something about it).
The security groups had tried warning them of this threat for years (the same as they did with all other known makers of PDF software). Most refused to take it that seriously or considered it a very low-level risk at best and therefore chose not to do anything about it.
It has only been within the past few years, when news of the fact that that "low level threat" was now a reality and posed a serious risk that suddenly everyone started trying to look for some form of workaround to reduce that risk (although, it still remains vulnerable--there is not a permanent "fix" for it).
What makes it news, though, is that while many anti-virus companies have finally taken to scanning for malware in PDFs and the makers of PDF software have taken some steps to try and lessen the impact (which, many users may not be aware of), the malware writers have come up with a new method of dealing with it.
A temporary workaround (at least, until more permanent fixes are issued--Adobe has been said to be working on shoring up security on the file format, but it remains to be seen as to when that may be released) may depend upon what reader you're using. If it's Acrobat (depending upon what version), you have the option to de-select the allowance of opening non-PDF attachments with external applications while some alternative programs may have a "safe mode" to view documents.
