[StBernard] New PDF Attack Making the Rounds

[Westley Annis]

==== IN THE NEWS ================================

New PDF Attack Making the Rounds
   by Paul Thurrott, thurrott at windowsitpro.com

New PDF Attack Making the Rounds
With today's OSs providing more security controls than ever, malicious 
hackers are turning to unpatched applications as a way to infiltrate 
users' systems. This week, a malicious PDF document that exploits 
security flaws in Adobe's popular Adobe Reader and Acrobat software, 
and in Microsoft Internet Explorer (IE) on Windows XP and Windows 
Server 2003, is making its way across the Internet, threatening to 
compromise PCs around the globe.

Adobe has actually fixed the flaw already, and it shipped a free 
update on Monday for users of the latest versions of its software. But 
many Adobe customers don't regularly update their software--or, in 
millions of cases, don't even remember the software is even on their 
PCs. And Adobe has yet to ship an update for older versions of Reader 
and Acrobat. All of those users are still at risk.

But Adobe isn't completely to blame. The attack takes advantage of a 
mailto: flaw in the IE 7 version for XP and Windows 2003 to spam mail 
the malicious document via an email attachment. The document typically 
has a name like YOUR_BILL.pdf or INVOICE.pdf, and launches a Trojan 
horse attack called Pidief.a when the document is opened. This Trojan 
shuts down the PC's firewall and downloads other malware directly to 
the PC, thus compromising the machine and putting it under the control 
of remote hackers.


Although Microsoft plans an IE patch and Adobe has pledged to update 
earlier Reader and Acrobat versions, a little common sense will go a 
long way toward combating this problem. As is always the case, users 
are cautioned from opening unexpected email attachments from unknown 
senders. And systems administrators are advised to temporarily block 
the delivery of PDF files via email attachment.