Posts Tagged ‘PDFs’

Users are being tricked into opening rigged PDFs and then infected with a Windows worm variant.

Several security companies today warned of a major malware campaign that tries to dupe users into opening rigged PDFs that exploit an unpatched design flaw in the PDF format.

Users who open the attack PDFs are infected with a variant of a Windows worm known as “Auraax” or “Emold”.

The malicious messages masquerade as mail from company system administrators and come with the subject heading of “setting for your mailbox are changed” according to CA Inc.’s security group. A PDF attachment purportedly contains instructions on how to reset e-mail settings.

“SMTP and POP3 servers for … mailbox are changed. Please carefully read the attached instructions before updating settings.”, the message states.

In reality, the PDFs contain embedded malware and use the  /Launch function to execute this malware on Windows PCs running the newest versions of Adobe Acrobat or the free Adobe Reader, as well as other PDF viewers, such as Foxit Reader.

The /Launch feature is not a security vulnerability (per se), but actually a by-design function of the PDF specification.

Adobe has previously declined to answer questions on whether in-the-wild use of /Launch in rigged PDFs would prompt the company to update Reader and Acrobat, although it has said a change to the functionality might “conceivably [be made] available during one of the regularly scheduled quarterly product updates.”

One possible solution would be to disable the function; currently, it’s turned on by default.

Hackers are using a tactic of modifying the warning that Reader and Acrobat display. Adobe Reader, for example, displays a message telling users to open only those files they know are safe. In the same Windows dialog box, Reader displays the name of the file about to be launched.

Hackers have modified the warning to simply read, “Click the ‘open’ button to view this document.”

The malware launched from the rigged PDFs seems to be a version of the Auraax or Emold worms. The worm drops a rootkit onto the compromised PC and tries to copy itself to all removable drives, including flash drives, to spread using the “Autorun” infection tactic made popular by 2008′s Conficker worm.

Malicious messages with attached PDF documents can pose as ones from “customersupport@domain name.com”,  “support@domain name.com” and “admin@domain name.com” where domain name is typically the name of the recipient’s company.

Adobe’s current advice remains that users configure Reader and Acrobat to stymie such attacks, she added. Adobe’s Web site has instructions about how to do that.

IBM’s security team also recommended that users disable the Windows Autorun feature for all flash drives, and it pointed users to a Microsoft support document for instructions and updates.

There are a lot of people that talk about how cool Internet Marketing is and how much money you can make. But there is one thing they never talk about… And that is how people can totally rip off your product and share it amongst other thieves.

Click here to read more

No matter how long you have been selling online, it will happen to you.  If it hasn’t yet, it’s only a matter of time.

In fact, there are hundreds of websites out there that are totally dedicated to stealing and sharing eBooks. Up until now you could not do anything about it.

I’ve discovered a simple and inexpensive solution to combat the scum of the internet and safely protect my eBooks.

And I want to share it with you.

Check it out…its amazing!

Click here to read more

You can now find out the sucker that shared your stuff, And once you catch the loser doing it…and when you have their details you can do all sorts of things to bring them down.

You Can…

• Get Their Paypal Account Shut Down (Ouch)

• Shut Down Their Internet Connection (Bye Bye)

• Ban Them From Ever Purchasing Your Products Ever Again (See Ya)

• Have Their Warrior Forum Account Closed ( Gone )

• Start Legal Action And Really Nail Them ( Take Them To The Cleaners)

Never before have you ever had this much power and the ability to track down the people that are sharing your pdf reports!

Click here to read more

There is a strict limit of 50 copies being sold. Get yours today!!