Posts Tagged ‘Adobe Acrobat’

Users are being tricked into opening rigged PDFs and then infected with a Windows worm variant.

Several security companies today warned of a major malware campaign that tries to dupe users into opening rigged PDFs that exploit an unpatched design flaw in the PDF format.

Users who open the attack PDFs are infected with a variant of a Windows worm known as “Auraax” or “Emold”.

The malicious messages masquerade as mail from company system administrators and come with the subject heading of “setting for your mailbox are changed” according to CA Inc.’s security group. A PDF attachment purportedly contains instructions on how to reset e-mail settings.

“SMTP and POP3 servers for … mailbox are changed. Please carefully read the attached instructions before updating settings.”, the message states.

In reality, the PDFs contain embedded malware and use the  /Launch function to execute this malware on Windows PCs running the newest versions of Adobe Acrobat or the free Adobe Reader, as well as other PDF viewers, such as Foxit Reader.

The /Launch feature is not a security vulnerability (per se), but actually a by-design function of the PDF specification.

Adobe has previously declined to answer questions on whether in-the-wild use of /Launch in rigged PDFs would prompt the company to update Reader and Acrobat, although it has said a change to the functionality might “conceivably [be made] available during one of the regularly scheduled quarterly product updates.”

One possible solution would be to disable the function; currently, it’s turned on by default.

Hackers are using a tactic of modifying the warning that Reader and Acrobat display. Adobe Reader, for example, displays a message telling users to open only those files they know are safe. In the same Windows dialog box, Reader displays the name of the file about to be launched.

Hackers have modified the warning to simply read, “Click the ‘open’ button to view this document.”

The malware launched from the rigged PDFs seems to be a version of the Auraax or Emold worms. The worm drops a rootkit onto the compromised PC and tries to copy itself to all removable drives, including flash drives, to spread using the “Autorun” infection tactic made popular by 2008′s Conficker worm.

Malicious messages with attached PDF documents can pose as ones from “customersupport@domain name.com”,  “support@domain name.com” and “admin@domain name.com” where domain name is typically the name of the recipient’s company.

Adobe’s current advice remains that users configure Reader and Acrobat to stymie such attacks, she added. Adobe’s Web site has instructions about how to do that.

IBM’s security team also recommended that users disable the Windows Autorun feature for all flash drives, and it pointed users to a Microsoft support document for instructions and updates.

Here are some free products that can help save you from malicious software and eavesdroppers. Don’t leave your computer (and your business!) exposed and vulnerable.

The Internet is one of the biggest security holes in the world. When you’re online, websites can gather a massive amount of information about you. Trojan horses and spyware can snoop on you. Keyloggers can capture your keystrokes as you type. Eavesdroppers can steal your passwords.

The free downloads presented here can help to protect you, your family and your business, providing a safer online experience. I did not include antivirus or antispyware programs in favour of focusing on tools you might not have heard about.

Firewalls

A firewall is one of the most basic pieces of protection software you can get. A firewall can shield you from inbound snoopers and even prevent software from sitting invisibly on your computer, making outbound connections to report your activities to unknown sources.

Comodo Firewall Pro

You may figure that you’re perfectly safe if you already have a firewall on your computer through Windows XP or Vista. You aren’t. The firewalls built into both of those systems have issues. The Windows XP firewall, for example, lacks outbound protection. And the Windows Vista firewall is very, very difficult to customize.

An awesome download for a truly flame-proof firewall is the Comodo Firewall. It offers protection for both inbound and outbound threats, along with some very nice additional features. Its Defense+ feature, for example, locks down particularly vulnerable files and folders so that nothing can alter them.

You will have to spend a bit of time training this software, but it’s well worth the effort. What will happen is that you’ll get a pop-up when installing or accessing software that asks you whether you want to allow the application to proceed. You can cut down on the training time and the number of interruptions by using the program’s Clean PC mode. In this mode, Comodo scans your PC for applications and registers them as “safe”. Afterward, you won’t see as many alerts. Another nice extra is an “install mode” that shuts off the firewall for 15 minutes, so you can install a new application without getting inundated with alerts.

FREE Download: Comodo Firewall Pro
http://www.comodo.com/index.html

Vista Firewall Control

The Windows Vista firewall is better than the one built into Windows XP because it includes outbound as well as inbound protection. Outbound protection is vital, because Trojan horses and spyware often use silent outbound connections to do their damage. In addition, some malicious software uses invisible outbound connection from your computer to send out spam or malware without your knowledge.

It has one big problem, however… The outbound firewall is almost impossible to configure.
The Vista Firewall Control utility gives you the control that Vista SHOULD have. When a program attempts to make any outbound connection an alert appears, identifying the application. You can then choose to enable or disable the connection.

FREE Download: Vista Firewall Control
http://www.sphinx-soft.com/Vista/

Password Protection

Password theft is one of the biggest problems that a user faces online. With the following downloads, you’ll be able to keep your passwords private and safe.

KeePass Password Safe

Most people have dozens of online and offline passwords used for websites, e-mail, and more. If your password is stolen, you’re in trouble.

KeePass Password Safe offers a simple way to keep track of and store all of your passwords in a lightweight, simple-to-use database. It encrypts the database so that only you have access to it. You can lock it with a master password or with a file key.
KeePass Password Safe stores all of your passwords in groups, so you can find the one you need easily, letting you drag-and-drop your passwords, copy them to the clipboard, and paste them into a webpage or an application using a hot-key. You can also search for passwords, and print and export them in various formats, including CSV, HTML, TXT, and XML files. You can import them, too. This application can generate random passwords as well.

FREE Download: KeePass Password Safe
http://keepass.info/

KeyScrambler Personal

One of the biggest risks you face online is theft of your username and passwords from logging into commercial websites (such as banking and financial sites) and web-based e-mail accounts. A criminal who steals that information could easily empty your bank account and steal your identity.

This add-on to Internet Explorer and Firefox is intended as a simple way to help keep you safer. As you type your password, KeyScrambler Personal scrambles it so that the information sent out over the Internet doesn’t match what you type. A small icon sits at the bottom of your screen and as you type, you’ll also see the scrambled text that the program is sending.

FREE Download: KeyScrambler Personal
http://www.qfxsoftware.com/

Cleaning Your Traces

As you surf the internet, your web browser keeps traces of your travels on your computer. Websites and people who may use your computer can look at those traces as well. Fortunately, there are tools that can get rid of the tracks you leave behind. Another privacy problem relates to Microsoft Office. Documents that contain private information (unknown to the sender) that get sent out by e-mail.

Free Internet Window Washer

To maintain your privacy, you need an internet washer like Free Internet Window Washer – a free tool that will delete your IE browsing history, recently typed URLs, etc. Click Wash Settings, then click Browsers, and the program will remove everything you ask it to clean. If you prefer, click Test Now to see a preview of what the program will do.
Free Internet Window Washer also cleans traces from instant messengers such as AIM, ICQ, MSN Messenger, Skype, and Yahoo! Messenger. It also cleans traces from a wide variety of other programs, including Microsoft Office and Adobe Acrobat.

FREE Download: Free Internet Window Washer
http://www.eusing.com/Window_Washer/Window_Washer.htm

CCleaner

Here’s another great tool for cleaning up all traces of your internet browsing activities. While CCleaner cleans both Internet Explorer and Firefox, it also cleans traces from Adobe Acrobat, Adobe Flash Player, Google Toolbar, and Windows Media Player. It even cleans up after larger apps such as Microsoft Office, and it also includes a registry cleaner.

FREE Download: CCleaner
http://www.ccleaner.com/

SendShield

A lesser-known privacy issue may be among the most dangerous: hidden, private information in Microsoft Office documents that become exposed when the documents are made public. This problem has struck some of the best-know enterprises in the world – such as Google, and even the British government. Office documents contain lots of private info that the owner might prefer remain private, such as hidden text, document authors, revision histories, mark-up, hidden cells, and hidden spreadsheets. When such information hitchhikes along with the visible text of a document, people can find it without much effort.

SendShield is an excellent, well-designed and free solution. When you send a Microsoft Office document through Outlook, SendShield looks inside the document for private information and shows you what it finds. You can then delete all of the information you wish. The deletion affects only the copy of the document you send; the original file remains intact on your computer.

FREE Download: SendShield
http://www.sendshield.com/home/index.php

Rootkit and Malware Killers

Even the best antivirus and antispyware tools can’t keep your information and computer completely safe. Rootkits can often escape detection, and once they are installed in your computer system, a malicious person can take control of your system and steal whatever private info they want. Here are two rootkit/malware killers that may help tip the odds in your favour.

F-Secure Blacklight Rootkit Eliminator

Rootkits spread in various ways, such as by hitching a ride along on another download. Then it hides deep in your system, using sneaky techniques to escape detection and elimination. With a rootkit infecting your system, someone can take complete control of your computer without your knowledge. Some antivirus tools claim to detect and kill them, but many don’t. Even if your antivirus software claims to detect them, it’d be wise to use F-Secure’s Blacklight Rootkit Eliminator as well. This tool is designed exclusively to detect and kill rootkits.

The program inspects your computer’s files and hidden processes to determine if you’ve been infected with a rootkit. It then tells you whether your system is clean or may be infected, listing every sign of infection that it found. You can then use Blacklight Rootkit Eliminator to remove the threat. Before taking that step, though, it’s a good idea to search for the file name on Google and make sure that the file is a rootkit and not some obscure, legitimate file.

If you don’t feel comfortable renaming, restoring, and deleting files – and troubleshooting PCs – you may be wiser to pass on this more advanced utility.

FREE Download: F-Secure Blacklight Rootkit Eliminator
http://www.f-secure.com/security_center/

HijackThis

If spyware or a Trojan gets past your defenses despite your best efforts, download HijackThis. It can help detect problems that other malware detectors can’t find, and then will advise you about what to do.

Unlike most other antimalware software, HijackThis doesn’t automatically detect dangerous software. Instead, it looks deeply into your system’s Registry and into other areas that are likely to be infected, and then saves its results to a log file. You then post the log file to the HijackThis website for experts to examine. They analyze, determine if your system is infected, and then tell you how to fix the problem.

FREE Download: HijackThis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Browsing Privacy and Security

Looking for multipurpose tools for protecting your privacy and security? The following three can help you surf anonymously, avoid trouble at wireless hot spots, and receive alerts about certain sites that may host malware designed to invade your privacy.

Tor

A surprising amount of information about you can be gathered as you surf… The operating system you use, the sites you’ve visited, your location, and possibly even your company (based on your IP address).

Tor takes all of your internet communications, including instant messaging and other Internet applications, and sends them around a network of “onion” routers (Tor servers), making it impossible for sites or people to invade your privacy.

The Tor download includes other software that you need for maintaining your privacy, such as Privoxy, a proxy program. These programs work well together; and because the software self-configures, they are simple to use. Tor runs in your system tray. To become anonymous, right-click the icon and choose Start. From that point on, you’ll be anonymous. To stop surfing anonymously, right-click again and choose Stop. You can even change your Tor identity for maximum cloaking.

FREE Download: Tor
http://www.torproject.org/

Hotspot Shield

Online dangers can even  arise when you’re away from your home or office: Wi-Fi hacking and snooping. In a hotspot at a public location, a criminal can set up a “sniffer” to capture all the data sent by everyone in the area. The snoop can see all of the information you send and receive over the Internet, including your user names and passwords.

Hotspot Shield sets up a virtual private network (VPN) for you and encrypts all of your data so that it can’t be read. It’s quite simple to install, set up, and use, except that during the installation process, you must make sure not to let the Dealio toolbar be installed. It’s adware that has nothing to do with how the program works, and choosing not to install it won’t have any adverse effects.

FREE Download: Hotspot Shield
http://anchorfree.com/downloads/hotspot-shield/

McAfee Site Advisor for Firefox
Most people get infected by downloading software or by visiting a website that installs malware without their knowledge. How can you know which are safe and which ones aren’t? MacAfee SiteAdvisor does a great job of letting you know. When you perform a search in Google or Yahoo, you’ll see an icon that rates the safety of the sites. A red X warns you that it’s a dangerous sites; a green check means that it’s safe; and a yellow exclamation mark means that it’s questionable.

Hover your mouse over the icon and a pop-up will appear, letting you know whether the site has dangerous downloads, if the site sends spam, and whether the site includes links to other sites that are known risks. You get even more information when you click “More Info” on the pop-up where you’ll get a detailed list of the dangerous downloads, and what malware or adware infects the site.

Site Advisor works when you browse sites as well. The software displays a small icon at the bottom of the screen as you surf. The icon warns you when you hit a dangerous site.

FREE Download: McAfee Site Advisor for Firefox
http://www.siteadvisor.com/

Firefox Add-Ons

These three privacy-related, Firefox add-ons are some of the best available to improve your browsing experience.

NoScript

Interactive features can be used to attack and damage your computer. JavaScript, plug-ins, Java, and other kinds of code on websites can be hazardous. But the problem is, if you turn them off you lose some of the best things on the Web; and if you keep them, you expose yourself to danger.

NoScript is a Firefox extension that lets you turn scripts, plug-ins, and other interactive elements on or off independently, turned on at some sites and turned off at others. It also protects against cross-site scripting attacks, as well, lets you to customize which scripts and/or extensions you allow on a per-site basis. You can also block sites temporarily or permanently.

FREE Download: NoScript
http://noscript.net/getit

WOT

WOT is a Firefox add-on that rates sites according to their privacy, security, and trustworthiness, from Excellent to Very Poor. It displays an icon indicating how it rates a particular site. As you search, you’ll be able to see the icon as well, so you can decide before visiting a site whether you want to go there.

FREE Download: WOT
https://addons.mozilla.org/en-US/firefox/addon/3456

Secure Login

Secure Login provides a way for you to log in to websites securely. It integrates with Firefox’s password list so when you visit a site, you can log in by clicking a button instead of having to type in your user name and password. Secure Login keeps your passwords safe in various ways. It stops malicious JavaScript code from stealing your password, and it can block other password-stealing attacks.

FREE Download: Secure Login
https://addons.mozilla.org/en-US/firefox/addon/4429

Don’t forget to check out the additional Free Downloads I’ve posted over at ABlakeForum.com – a total of 40 “must have” tools and resources for your business. Here are the links:

http://ablakeforum.com/index.php/topic,1071.0.html

http://ablakeforum.com/index.php/topic,1237.0.html

Have fun!