Story image

PDF exploits run rampant

30 Apr 2010

As the popularity of free PDF readers has increased so too has the malware which exploits the software's vulnerabilities, a McAfee security researcher said Wednesday.

Toralv Dirro, a security strategist with McAfee Labs, says that the amount of malware designed to target security flaws in PDF readers has skyrocketed in recent times, jumping from 2% in 2007 to 28% in this year. 

The most far reaching of the exploits is a variation of an 'Emold' or 'Auraxx' Windows worm which is known to affect both Adobe PDF reader and Foxit PDF reader.

The scam works by sending bogus emails to users with the subject line "setting for your mailbox are changed". 

The body text says: "SMTP and POP3 servers for [your email address] mailbox are changed. Please carefully read the attached instructions before updating settings."

A PDF is attached claiming to be instructions on how to adjust email settings, but in fact, contains malware. 

To protect yourself Microsoft recommends that users disable the autorun feature (instructions here) and only open attachments which are known to be safe.

Adobe recommends updating the patched version of Adobe Reader as soon as possible

Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."
Inspur announces AI edge computing server with NVIDIA GPUs
“The dynamic nature and rapid expansion of AI workloads require an adaptive and optimised set of hardware, software and services for developers to utilise as they build their own solutions."
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
HPE launches 'right mix' hybrid cloud assessment tool
HPE has launched an ‘industry-first assessment software’ to help businesses work out the right mix of hybrid cloud for their needs.
ADLINK and Charles announce multi-access pole-mounted edge AI solution
The new solution is a compact low profile pole or wall mountable unit based on an integration of ADLINK’s latest AI Edge Server MECS-7210 and Charles’ SC102 Micro Edge Enclosure.