
Portable Document Format or Portable Malware Format?

  • Posted on: February 20, 2009 at 6:03 am
  • Posted in: Exploits, Malware, Vulnerabilities
  • Author: Jonathan Leopando (Technical Communications)

The Portable Document Format, or PDF for short, has always been a popular way of distributing documents. It’s no surprise then that cybercriminals have tried to use it as a means of spreading malicious files.

Yesterday, the Shadowserver Foundation underlined the severity of this problem when they released details about a new vulnerability in versions of both Adobe Acrobat and Adobe Reader. Folks at Adobe assured users that they are working on a patch, to be released in March.

Trend Micro already detects files that exploit the new vulnerability as TROJ_PIDIEF.IN. These specially crafted PDF files crash Acrobat and/or Reader–but not before they drop malicious files onto the affected system. The exact malware that is dropped varies, but includes backdoors like BKDR_NETCL.A, and other software exploits like EXPL_EXECOD.A. The potential of an exploit like this is only limited by the imagination of cybercriminals. The crafted files spread the same way normal PDF files are distributed–either as an email attachment, or as a download from websites.

Until Adobe patches this issue, users should exercise caution with PDF files that come from untrusted sources. Using third-party PDF readers such as Foxit will also reduce the threat. In addition, it is highly recommended to disable JavaScript rendering.

Update as of 22 February 2009, 7PM PST

Users who do not want to install an alternative PDF reader can disable Acrobat JavaScript. This stops the exploit, because its vector is JavaScript. The option is in Edit > Preferences, under the JavaScript settings.


Figure 1. How to disable Adobe JS.
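
Because the exploit's vector is JavaScript, a mail or web gateway can also flag PDF files that declare JavaScript before they reach a reader. The following is an added example, not code from the original post or from Trend Micro; the function names and the sample bytes are constructed for illustration.

```python
import re
import sys

# PDF names may hex-escape any character as #xx (e.g. /J#61vaScript),
# so each name is decoded before it is compared.
_NAME = re.compile(rb"/((?:[A-Za-z0-9_.\-]|#[0-9A-Fa-f]{2})+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

# Names that declare JavaScript, or actions that run when the file opens.
WATCHED = (b"JS", b"JavaScript", b"OpenAction", b"AA")

# Constructed samples (not real malware): a bare catalog, and a catalog whose
# open action points at a JavaScript action written with an escaped name.
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SUSPECT = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
           b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes in a PDF name token."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes and note escaped spellings.

    Limitation: names inside compressed streams are not seen, so a clean
    result does not prove the file is free of JavaScript.
    """
    counts = {n.decode(): 0 for n in WATCHED}
    obfuscated = 0
    for m in _NAME.finditer(data):
        raw = m.group(1)
        name = decode_name(raw)
        if name in WATCHED:
            counts[name.decode()] += 1
            obfuscated += raw != name
    return {"counts": counts, "obfuscated": obfuscated,
            "has_javascript": counts["JS"] + counts["JavaScript"] > 0}


if __name__ == "__main__":
    # Scan files named on the command line, or the constructed samples.
    paths = sys.argv[1:]
    blobs = [(p, open(p, "rb").read()) for p in paths] or [
        ("BENIGN", BENIGN), ("SUSPECT", SUSPECT)]
    for label, blob in blobs:
        print(label, scan_pdf(blob))
```

A non-zero `obfuscated` count means a watched name was written with escapes, which ordinary document generators rarely do, so it is a stronger triage signal than the presence of JavaScript alone.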

More information on this vulnerability, as well as all the related malware, can be found on the Trend Micro security advisories page.
