Don't Open That File!
Yes, just when you thought it was safe to open Adobe Acrobat files (with a .pdf extension), it’s not.
Everyone who reads this should update their Adobe Acrobat Reader here: http://www.adobe.com/support/security/bulletins/apsb09-04.html
Hackers (or, as some prefer, cybercriminals) have found a new way to use PDFs to infect computers (CVE-2009-0927): http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0927. By using a legitimate website, or websites, hackers can reach many more unsuspecting web users.
What the cybercriminals are doing is finding legitimate websites they can hack and replacing any PDF files with their infectious PDFs. Anyone who opens that PDF, either on screen or by downloading it and then opening it, will be subjected to this exploit and could face infection. Some websites have various forms they use for reports, registrations or any of a number of uses.
Frequently the infected webpage is designed to open automatically when you visit the page. Rarely will the website owner know they have an infectious website. Oftentimes the infectious website won’t actually contain the malicious code. The webpage will have a line of JavaScript that downloads the malicious code from some server in a land far, far away.
I usually hear people saying, “I scanned my website with 5 different anti-virus programs and nothing was detected.”
While this doesn’t hurt, rarely will this action find the infected webpage, because only the JavaScript code that “reaches” out to the far-away server is on the webpage, and it’s heavily encrypted to avoid easy detection. The actual virus or other malicious code is located on their server and often it’s polymorphic: it changes its shape and size each time it’s downloaded to a user’s PC. This “strategy” helps the infectious code evade detection by most anti-virus programs.
Hacking legitimate websites to distribute malware is nothing new, as I’ve written about numerous times in other blog postings here.
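A check a site owner can run against their own pages for the loader pattern described above, as an added example that is not from the original post: it flags script or iframe tags that load from hosts outside an allowlist, and inline scripts that carry common obfuscation markers. The allowlist, the marker list and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic markers of packed inline JavaScript (assumed list; tune it for your site).
OBFUSCATION = re.compile(
    r"eval\s*\(|unescape\s*\(|String\.fromCharCode|document\.write\s*\("
    r"|(?:%u?[0-9a-fA-F]{2,4}){8,}"
)

class LoaderScanner(HTMLParser):
    """Collects off-site script/iframe sources and obfuscated inline scripts."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = set(allowed_hosts)
        self.findings = []          # tuples of (kind, detail, line number)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        self._in_script = tag == "script"
        src = dict(attrs).get("src")
        host = urlparse(src).hostname if src else None   # None for relative URLs
        if host and host not in self.allowed:
            self.findings.append(("external-" + tag, host, self.getpos()[0]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        match = OBFUSCATION.search(data) if self._in_script else None
        if match:
            self.findings.append(("obfuscated-inline", match.group(0)[:20], self.getpos()[0]))

def scan_page(html, allowed_hosts):
    scanner = LoaderScanner(allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: one local script, one off-site script, one packed inline script.
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<script src="http://stats.example.net/c.js"></script>
<script>eval(unescape("%76%61%72%20%78"));</script>
<a href="/forms/registration.pdf">Registration form</a>
</body></html>"""
```

Every hit still needs a human look: legitimate analytics and ad scripts also load from other hosts, so the value comes from comparing results against what you know you put on the page.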
Update your Adobe Acrobat Reader now!
Let’s be careful out there, huh?
Thank you.