PDFs are now No. 1 vehicle for web-based attacks

  1. Stacie L profile image91
    Stacie Lposted 8 years ago

    any computer experts want to chime in about this? I 'm nervous about pdf's now

    PDFs are now No. 1 vehicle for web-based attacks
    Attack commences once vulnerablity in Adobe Reader is exploited

    By Sue Marquette Poremba
    updated 1/17/2011 3:46:41 PM ET 2011-01-17T20:46:41

    When cyber bad guys started sending viruses and Trojans through e-mail, the common wisdom was to never trust an unverified Microsoft document, but that Portable Document Formats were always safe.

    Times have changed. PDFs are the No. 1 vehicle for web-based attacks today. According to Symantec’s quarterly threat report for April-June 2010, malicious PDF activity — in which attempts to download suspicious PDF documents were observed — accounted for 36 percent of all malicious activity .

    PDFs were also a major problem in 2009, yet outside the security community the attacks go largely unknown.

    The problem is how PDF files are written, according to Anup Ghosh, founder and chief scientist at security-software producer Invincea. Not only are the data presented in a document format, but code can also be inserted.

    "So when the document is opened," Ghosh explained, "you’re not only rendering data, but potentially executing code that is embedded into the document."

    This code can exploit vulnerabilities in the PDF reader or PDF specification (what the computer requires to read the documents). Readers are easy enough to fix, Ghosh said, but the specifications are more difficult.

    Malicious code

    The bulk of attacks are against Adobe Reader using a Java script interface. "The way the attacks work is, when you load a PDF document, it starts running Java code, exploiting the vulnerability in Adobe Reader," said Ghosh. "Once the vulnerability is exploited, a Trojan horse or other malicious executable is delivered to the computer."

    One of the most serious attacks is a Trojan horse called Zeus , which steals bank account information. It will stay dormant until you go to your bank account, and is so sophisticated it will wait until the user has entered all of the passwords and authentication codes . Then it will stealthily schedule to transfer money from your bank account to the criminal's.

    An estimated 99 percent of all computers, no matter the operating system (OS), use Adobe as the primary PDF reader. Right now, malicious code will execute only for the OS it is written for, which is primarily Microsoft. However, Ghosh pointed out recent warnings of potential attacks across multiple platforms, including Apple products.

    Some tips

    As more people are downloading e-books and magazines in PDF format, how can they enjoy their reading material while keeping safe?

    First, e-reader devices are currently safe from malicious attacks, so you can download without fear.

    Second, download PDFs only from trusted sources. (However, Ghosh said PDFs are popular in spearphishing – where phishing e-mail is personalized to the recipient, often from a known address. A recent spearphishing campaign claimed to offer tips in a PDF file from a famous golf pro.)

    Lastly, consider trying another PDF reader such as Foxit or PDF-Xchange.

    http://www.msnbc.msn.com/id/41123276/ns … ?gt1=43001

  2. rebekahELLE profile image87
    rebekahELLEposted 8 years ago

    I never open a PDF unless I know exactly where it's coming from.


This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://hubpages.com/privacy-policy#gdpr

Show Details
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)