Story image

PDF exploits run rampant

30 Apr 10

As the popularity of free PDF readers has increased so too has the malware which exploits the software's vulnerabilities, a McAfee security researcher said Wednesday.

Toralv Dirro, a security strategist with McAfee Labs, says that the amount of malware designed to target security flaws in PDF readers has skyrocketed in recent times, jumping from 2% in 2007 to 28% in this year. 

The most far reaching of the exploits is a variation of an 'Emold' or 'Auraxx' Windows worm which is known to affect both Adobe PDF reader and Foxit PDF reader.

The scam works by sending bogus emails to users with the subject line "setting for your mailbox are changed". 

The body text says: "SMTP and POP3 servers for [your email address] mailbox are changed. Please carefully read the attached instructions before updating settings."

A PDF is attached claiming to be instructions on how to adjust email settings, but in fact, contains malware. 

To protect yourself Microsoft recommends that users disable the autorun feature (instructions here) and only open attachments which are known to be safe.

Adobe recommends updating the patched version of Adobe Reader as soon as possible

The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
Record revenues from servers selling like hot cakes
The relentless demand for data has resulted in another robust quarter for the global server market with impressive growth.
Opinion: Critical data centre operations is just like F1
Schneider's David Gentry believes critical data centre operations share many parallels to a formula 1 race car team.
MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Schneider Electric's bets for the 2019 data centre industry
From IT and telco merging to the renaissance of liquid cooling, here are the company's top predictions for the year ahead.