any computer experts want to chime in about this? I 'm nervous about pdf's now
PDFs are now No. 1 vehicle for web-based attacks
Attack commences once vulnerablity in Adobe Reader is exploited
By Sue Marquette Poremba
SecurityNewsDaily
updated 1/17/2011 3:46:41 PM ET 2011-01-17T20:46:41
When cyber bad guys started sending viruses and Trojans through e-mail, the common wisdom was to never trust an unverified Microsoft document, but that Portable Document Formats were always safe.
Times have changed. PDFs are the No. 1 vehicle for web-based attacks today. According to Symantec’s quarterly threat report for April-June 2010, malicious PDF activity — in which attempts to download suspicious PDF documents were observed — accounted for 36 percent of all malicious activity .
PDFs were also a major problem in 2009, yet outside the security community the attacks go largely unknown.
The problem is how PDF files are written, according to Anup Ghosh, founder and chief scientist at security-software producer Invincea. Not only are the data presented in a document format, but code can also be inserted.
"So when the document is opened," Ghosh explained, "you’re not only rendering data, but potentially executing code that is embedded into the document."
This code can exploit vulnerabilities in the PDF reader or PDF specification (what the computer requires to read the documents). Readers are easy enough to fix, Ghosh said, but the specifications are more difficult.
Malicious code
The bulk of attacks are against Adobe Reader using a Java script interface. "The way the attacks work is, when you load a PDF document, it starts running Java code, exploiting the vulnerability in Adobe Reader," said Ghosh. "Once the vulnerability is exploited, a Trojan horse or other malicious executable is delivered to the computer."
One of the most serious attacks is a Trojan horse called Zeus , which steals bank account information. It will stay dormant until you go to your bank account, and is so sophisticated it will wait until the user has entered all of the passwords and authentication codes . Then it will stealthily schedule to transfer money from your bank account to the criminal's.
An estimated 99 percent of all computers, no matter the operating system (OS), use Adobe as the primary PDF reader. Right now, malicious code will execute only for the OS it is written for, which is primarily Microsoft. However, Ghosh pointed out recent warnings of potential attacks across multiple platforms, including Apple products.
Some tips
As more people are downloading e-books and magazines in PDF format, how can they enjoy their reading material while keeping safe?
First, e-reader devices are currently safe from malicious attacks, so you can download without fear.
Second, download PDFs only from trusted sources. (However, Ghosh said PDFs are popular in spearphishing – where phishing e-mail is personalized to the recipient, often from a known address. A recent spearphishing campaign claimed to offer tips in a PDF file from a famous golf pro.)
Lastly, consider trying another PDF reader such as Foxit or PDF-Xchange.
http://www.msnbc.msn.com/id/41123276/ns … ?gt1=43001
I never open a PDF unless I know exactly where it's coming from.
by jeremy bryan 8 years ago
Error printing PDF files with Adobe ReaderSometimes when I attempt to print a PDF file using Adobe Reader it will print the first couple of pages okay then the rest will be messed up. What can be causing this to happen? Any thoughts would be much appreciated.
by Jeff Boettner 11 years ago
What versions of Java, Flash, and Adobe are you currently running?Flash should be at 11.4 --- google "Get Flash" ---Java should be at -- 7.9 --- google "Get Java" --- Adobe Reader should be at XI (11.0) -- google "Get Reader"
by PhoenixV 10 years ago
What Is Adobe Reader X MUI And Why Do I Need It?What Is Adobe Reader X MUI and can I remove it from my computer? Are there any alternatives to Adobe Reader X MUI?
by skylergreene 11 years ago
Is there any way to get Adobe Reader and Flash to stop bugging me about updates every three days?
by PhoenixV 11 years ago
What Is Foxit Reader?What Is Foxit Reader? Is it a good and safe alternative to adobe reader?
by Kate Walters 9 years ago
Reduce A4 PDF to A5 PDF on macI am trying to convert an A4 word document (or an A4 PDF) into an A5 PDF on Mac OS X. Can anyone help? Thanks.
Copyright © 2024 The Arena Media Brands, LLC and respective content providers on this website. HubPages® is a registered trademark of The Arena Platform, Inc. Other product and company names shown may be trademarks of their respective owners. The Arena Media Brands, LLC and respective content providers to this website may receive compensation for some links to products and services on this website.
Copyright © 2024 Maven Media Brands, LLC and respective owners.
As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.
For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://corp.maven.io/privacy-policy
Show DetailsNecessary | |
---|---|
HubPages Device ID | This is used to identify particular browsers or devices when the access the service, and is used for security reasons. |
Login | This is necessary to sign in to the HubPages Service. |
Google Recaptcha | This is used to prevent bots and spam. (Privacy Policy) |
Akismet | This is used to detect comment spam. (Privacy Policy) |
HubPages Google Analytics | This is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy) |
HubPages Traffic Pixel | This is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized. |
Amazon Web Services | This is a cloud services platform that we used to host our service. (Privacy Policy) |
Cloudflare | This is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy) |
Google Hosted Libraries | Javascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy) |
Features | |
---|---|
Google Custom Search | This is feature allows you to search the site. (Privacy Policy) |
Google Maps | Some articles have Google Maps embedded in them. (Privacy Policy) |
Google Charts | This is used to display charts and graphs on articles and the author center. (Privacy Policy) |
Google AdSense Host API | This service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy) |
Google YouTube | Some articles have YouTube videos embedded in them. (Privacy Policy) |
Vimeo | Some articles have Vimeo videos embedded in them. (Privacy Policy) |
Paypal | This is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy) |
Facebook Login | You can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy) |
Maven | This supports the Maven widget and search functionality. (Privacy Policy) |
Marketing | |
---|---|
Google AdSense | This is an ad network. (Privacy Policy) |
Google DoubleClick | Google provides ad serving technology and runs an ad network. (Privacy Policy) |
Index Exchange | This is an ad network. (Privacy Policy) |
Sovrn | This is an ad network. (Privacy Policy) |
Facebook Ads | This is an ad network. (Privacy Policy) |
Amazon Unified Ad Marketplace | This is an ad network. (Privacy Policy) |
AppNexus | This is an ad network. (Privacy Policy) |
Openx | This is an ad network. (Privacy Policy) |
Rubicon Project | This is an ad network. (Privacy Policy) |
TripleLift | This is an ad network. (Privacy Policy) |
Say Media | We partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy) |
Remarketing Pixels | We may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites. |
Conversion Tracking Pixels | We may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service. |
Statistics | |
---|---|
Author Google Analytics | This is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy) |
Comscore | ComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy) |
Amazon Tracking Pixel | Some articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy) |
Clicksco | This is a data management platform studying reader behavior (Privacy Policy) |