any computer experts want to chime in about this? I 'm nervous about pdf's now
PDFs are now No. 1 vehicle for web-based attacks
Attack commences once vulnerablity in Adobe Reader is exploited
By Sue Marquette Poremba
updated 1/17/2011 3:46:41 PM ET 2011-01-17T20:46:41
When cyber bad guys started sending viruses and Trojans through e-mail, the common wisdom was to never trust an unverified Microsoft document, but that Portable Document Formats were always safe.
Times have changed. PDFs are the No. 1 vehicle for web-based attacks today. According to Symantec’s quarterly threat report for April-June 2010, malicious PDF activity — in which attempts to download suspicious PDF documents were observed — accounted for 36 percent of all malicious activity .
PDFs were also a major problem in 2009, yet outside the security community the attacks go largely unknown.
The problem is how PDF files are written, according to Anup Ghosh, founder and chief scientist at security-software producer Invincea. Not only are the data presented in a document format, but code can also be inserted.
"So when the document is opened," Ghosh explained, "you’re not only rendering data, but potentially executing code that is embedded into the document."
This code can exploit vulnerabilities in the PDF reader or PDF specification (what the computer requires to read the documents). Readers are easy enough to fix, Ghosh said, but the specifications are more difficult.
The bulk of attacks are against Adobe Reader using a Java script interface. "The way the attacks work is, when you load a PDF document, it starts running Java code, exploiting the vulnerability in Adobe Reader," said Ghosh. "Once the vulnerability is exploited, a Trojan horse or other malicious executable is delivered to the computer."
One of the most serious attacks is a Trojan horse called Zeus , which steals bank account information. It will stay dormant until you go to your bank account, and is so sophisticated it will wait until the user has entered all of the passwords and authentication codes . Then it will stealthily schedule to transfer money from your bank account to the criminal's.
An estimated 99 percent of all computers, no matter the operating system (OS), use Adobe as the primary PDF reader. Right now, malicious code will execute only for the OS it is written for, which is primarily Microsoft. However, Ghosh pointed out recent warnings of potential attacks across multiple platforms, including Apple products.
As more people are downloading e-books and magazines in PDF format, how can they enjoy their reading material while keeping safe?
First, e-reader devices are currently safe from malicious attacks, so you can download without fear.
Second, download PDFs only from trusted sources. (However, Ghosh said PDFs are popular in spearphishing – where phishing e-mail is personalized to the recipient, often from a known address. A recent spearphishing campaign claimed to offer tips in a PDF file from a famous golf pro.)
Lastly, consider trying another PDF reader such as Foxit or PDF-Xchange.
http://www.msnbc.msn.com/id/41123276/ns … ?gt1=43001
I never open a PDF unless I know exactly where it's coming from.
by Karen Wardle 9 years ago
Hi. I wasn't sure exactly where to post this question so I am hoping that someone out there can offer some suggestions.I have completed a 25 page document that was done in publisher. I have converted it to a pdf in A4 (after saving the publisher file also).I want to convert the document to an...
by HubPages 6 years ago
How to create pdf
by Anna 6 years ago
How you you export a PDF file into Excel if you only have the free version of Adobe (Reader)?
by OSBERT JOEL C 4 years ago
Which is the best PDF viewer?I have tried Adobe reader and foxit reader. Foxit seems to be better than Adobe.Is there any other pdf reader other than these?Which is the beast pdf reader?
by Aamir 4 years ago
How to convert PDF file to MS Word document?Do you know how to convet PDF file of a MS Word document? If you know about it please give me yor opinion and tell me which is the best software with free cast, please provide the link of the software.
by Jack Lee 2 years ago
Is there a way to import a PDF document directly into a hub?I would like to add a PDF document into a hub's text module or photo module and can't find a good way to do it. Does anyone know how to do it or do we need to request HubPages to add this feature?It would be nice to add the PDF as is with...
Copyright © 2018 HubPages Inc. and respective owners. Other product and company names shown may be trademarks of their respective owners. HubPages® is a registered Service Mark of HubPages, Inc. HubPages and Hubbers (authors) may earn revenue on this page based on affiliate relationships and advertisements with partners including Amazon, Google, and others.
|HubPages Device ID||This is used to identify particular browsers or devices when the access the service, and is used for security reasons.|
|Login||This is necessary to sign in to the HubPages Service.|
|HubPages Traffic Pixel||This is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.|
|Remarketing Pixels||We may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.|
|Conversion Tracking Pixels||We may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.|