One of the largest sources of malware infections is PDF files with scripts buried in them. The embedded JavaScript carries instructions to download and install various types of malware. Adobe Reader and Adobe Acrobat are the major targets for this kind of attack. Although Adobe seems to issue an unending stream of updates, many PC users still get infected. Here is a tip to help avoid malicious PDF files.
Microsoft gathers data about the source of malware infections from its antimalware products. The Microsoft MSDN blog has just given a list of common infected PDF files that have been detected. I suspect that many readers of Gizmo’s have scripting disabled in their PDF reader, but to be on the safe side, here is the list from Microsoft. If you see any of the eight files below, do not open them but delete them permanently.
- pdf_new[1].pdf
- auhtjseubpazbo5[1].pdf
- avjudtcobzimxnj2[1].pdf
- pricelist[1].pdf
- couple_saying_lucky[1].pdf
- 5661f[1].pdf 7927
- 9fbe0[1].pdf 7065
- pdf_old[1].pdf
An article describing how to disable JavaScript in the most common free PDF readers is at this link.
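As an added example (not part of the original tip or of Microsoft's post), the Python sketch below checks PDF files without opening them in a reader: it flags the file names listed above and counts the PDF keys that carry or auto-start JavaScript, including keys hidden behind `#xx` escapes. The function names and the two sample byte strings are constructed for illustration.

```python
import re
from pathlib import Path

# File names quoted in the list above, compared case-insensitively.
LISTED_NAMES = {
    "pdf_new[1].pdf", "auhtjseubpazbo5[1].pdf", "avjudtcobzimxnj2[1].pdf",
    "pricelist[1].pdf", "couple_saying_lucky[1].pdf", "5661f[1].pdf",
    "9fbe0[1].pdf", "pdf_old[1].pdf",
}
# PDF name keys that hold a script or start an action when the file opens.
SCRIPT_KEYS = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name ends at whitespace or a delimiter, so /JS must not match /JSX.
NAME_END = rb"(?=[\x00\s()<>\[\]{}/%]|\Z)"

# Constructed sample bytes, not real malware: a plain catalog, and one whose
# /JS key is written as /J#53 to dodge a naive string search.
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\n"
            b"endobj\n3 0 obj\n<< /S /JavaScript /J#53 (0;) >>\nendobj\n")

def script_keys(data: bytes) -> dict:
    """Count script-related name keys after undoing #xx escapes."""
    data = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)
    counts = {}
    for key in SCRIPT_KEYS:
        hits = len(re.findall(re.escape(key) + NAME_END, data))
        if hits:
            counts[key.decode()] = hits
    return counts

def triage(name: str, data: bytes) -> list:
    """Return the reasons to delete a file unopened; empty if none found."""
    reasons = ["name on list"] if name.lower() in LISTED_NAMES else []
    reasons += [f"{k} x{n}" for k, n in script_keys(data).items()]
    return reasons

def scan_folder(folder) -> dict:
    """Triage every *.pdf under folder without opening it in a reader."""
    report = {}
    for path in Path(folder).rglob("*.pdf"):
        reasons = triage(path.name, path.read_bytes())
        if reasons:
            report[path.name] = reasons
    return report

if __name__ == "__main__":
    print(triage("invoice.pdf", CLEAN), triage("PriceList[1].pdf", SCRIPTED))
```

An empty result is not proof that a file is safe: keys stored inside compressed object streams are invisible to a byte search, so unsolicited PDFs should still be deleted unopened.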
This tips section is maintained by Vic Laurie. Vic runs several websites with Windows how-to's, guides, and tutorials, including a site for learning about Windows and the Internet and another with Windows 7 tips.
Comments
As far as I know Sumatra doesn't do JavaScript.
Or at least there's no reference to it that I can see in Sumatra's docs or options.
What about embedded PDF readers in browsers? Same story?
Thanks for the article. I did not realize that PDFs were vulnerable to this type of attack and thought them to be fairly safe to open, even if you didn't know the sender (sometimes I'm just curious as to what the spammers are sending these days).
What about using alternative PDF readers, such as Nitro, Foxit, Sumatra, etc.? Are they as vulnerable as Adobe Reader?
Thanks, Vic, and thanks for all your good work here on Gizmo's site!
I have disabled Javascript in all my PDF readers.
Moral of the story: don't run Windows.
It seems to me the issue is with PDF files, not the application you open the files with. Whatever happened to the old adage that if you don't know the sender / aren't expecting a specific download, you leave well enough alone, i.e., you don't open unsolicited attachments or files?
I certainly don't open them - it's the circular file for them. Worst case is that someone you know has to resend an email to you. Far better that than an infection!
Agree with pdf's sent via email, BearPup. My concern would be opening an email from a website, say, 'pricelist.pdf' as mentioned above. The others look suspicious from the get-go.
I wondered the same thing (about other PDF readers) and decided that I'd disable scripting in everything, since most of them would also run scripts that are embedded in a PDF document.
Turning off scripting in Adobe Reader:
From the menu, select Edit, then Preferences, then JavaScript. Then unclick Enable JavaScript.
Until Oracle can come up with a method of defeating all such problems, I've shut off JavaScript in everything that uses it.
@ gruff,
icbw but, i was under the impression that oracle didn't have anything to do with "javascript", they are the "java development platform" owners, the much-exploited browser plug-in, (and pc s/ware) that used to belong to sun microsystems. that being said, oracle was attempting to get the 'java' platform to run in a 'javascript'. i'm not sure how that turned out though.
michael clyde
Thank you. I searched adobe help, but couldn't find out how to do that.
Is this just a problem with Adobe or with PDF-Xchange and others as well? If only Adobe, would be nice to mention Gizmo's 'non-Adobe pdf viewer' section.
I know this isn't a 'how to' article but a short explanation or link to how to disable scripting would have also been nice.
Hello.
I was wondering if you had any information on vulnerabilities associated with Foxit PDF reader.
Thanks