PDF = Potentially Dangerous File
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: PDF = Potentially Dangerous File

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191

    PDF = Potentially Dangerous File

    It would appear that spammers and scammers are now starting to use PDF file attachments as a means of spreading their wares.

    http://www.snpx.com/cgi-bin/news55.c...4239321?-13948

    I guess this one is of more interest in the institutional security sector as many organisations use the paid for Adobe product to write and edit such documents.

    Employees might thus be lulled into a false sense of security whilst home users would possibly be more suspicious of this relatively "unusual" (to them) format?


  2. #2
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Yeah, I've seen a few examples of this already. I loathe PDF files, so maybe this will put a dent in their frequency of use.

  3. #3
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Smile

    PDF's are the next big thing, there are so many different attacks you can hide in a PDF, either just by using the file extension of PDF or enclosing a malicious script to run when the user attempts to open the document, or even once the document opens then the script executes in the back ground..

    and by doing that sort of malicious stuff you are making it harder for AV's to pick up the file flag it as bad and stop the user from opening/viewing it.

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    XSS attacks using pdfs have been out for a long time. Use foxit :-)

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Yes, but this is raising the bar.............. PDFs are normally used by technical and professional people or in business.

    I guess that 90% of private PCs that I see don't even have a PDF reader. This is targetted at people worth scamming.

    OK, I know that students use PDFs as well, but they are not really a target as they are usually well in debt already?

  6. #6
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    You think that few of people really use them? Hmm... I really dont use them often mostly because they are a dog to open but... I think there are a little more people who have them and more that just done use them... (A lot of OEMS preinstall them) who knows though, who knows.

  7. #7
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    Yeah, I have to admit....format or not I would be ignoring anything like that unless it came from a trusted sender.

    I just wonder how much cheaper bandwidth would be if the spammers weren't using it all. I thought PDFs were fairly common myself, but then again...I wouldn't expect them to be emailed to me without the words "put this on the website" being involved. Actually, the network jobs we just put out to tender mostly came back as PDFs.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  8. #8
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    I dont know.. I think ISPS want their money reguardless. But I guess that would greatly lower the demand so the price would drop. As far as economics go at least.

  9. #9
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    I use PDF's on my home computer. Ill keep a look out for them .

    Thanks Nihil.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  10. #10
    Member
    Join Date
    May 2003
    Location
    Somewhere in Texas
    Posts
    76
    amazing that pump-n-dumps still actually work... (assuming that they must or they wouldn't be still used).

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 02:51 PM
  2. 4 steps to making your computer immortal online.
    By ali1 in forum The Security Tutorials Forum
    Replies: 27
    Last Post: January 1st, 2004, 11:59 AM
  3. Solaris Hardening
    By R0n1n in forum *nix Security Discussions
    Replies: 3
    Last Post: November 20th, 2002, 02:20 PM
  4. *nix small lesson
    By sweet_angel in forum Other Tutorials Forum
    Replies: 0
    Last Post: November 7th, 2002, 01:19 AM
  5. Securing Your Windows PC
    By E5C4P3 in forum The Security Tutorials Forum
    Replies: 10
    Last Post: June 12th, 2002, 05:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •