July 1st, 2007, 12:21 AM
PDF = Potentially Dangerous File
It would appear that spammers and scammers are now starting to use PDF file attachments as a means of spreading their wares.
I guess this one is of more interest in the institutional security sector as many organisations use the paid for Adobe product to write and edit such documents.
Employees might thus be lulled into a false sense of security whilst home users would possibly be more suspicious of this relatively "unusual" (to them) format?
July 1st, 2007, 05:39 AM
Yeah, I've seen a few examples of this already. I loathe PDF files, so maybe this will put a dent in their frequency of use.
July 2nd, 2007, 08:59 AM
PDF's are the next big thing, there are so many different attacks you can hide in a PDF, either just by using the file extension of PDF or enclosing a malicious script to run when the user attempts to open the document, or even once the document opens then the script executes in the back ground..
and by doing that sort of malicious stuff you are making it harder for AV's to pick up the file flag it as bad and stop the user from opening/viewing it.
July 2nd, 2007, 11:52 AM
XSS attacks using pdfs have been out for a long time. Use foxit :-)
July 2nd, 2007, 02:00 PM
Yes, but this is raising the bar.............. PDFs are normally used by technical and professional people or in business.
I guess that 90% of private PCs that I see don't even have a PDF reader. This is targetted at people worth scamming.
OK, I know that students use PDFs as well, but they are not really a target as they are usually well in debt already?
July 2nd, 2007, 03:25 PM
You think that few of people really use them? Hmm... I really dont use them often mostly because they are a dog to open but... I think there are a little more people who have them and more that just done use them... (A lot of OEMS preinstall them) who knows though, who knows.
July 3rd, 2007, 09:53 AM
Yeah, I have to admit....format or not I would be ignoring anything like that unless it came from a trusted sender.
I just wonder how much cheaper bandwidth would be if the spammers weren't using it all. I thought PDFs were fairly common myself, but then again...I wouldn't expect them to be emailed to me without the words "put this on the website" being involved. Actually, the network jobs we just put out to tender mostly came back as PDFs.
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
July 3rd, 2007, 02:51 PM
I dont know.. I think ISPS want their money reguardless. But I guess that would greatly lower the demand so the price would drop. As far as economics go at least.
July 3rd, 2007, 03:14 PM
I use PDF's on my home computer. Ill keep a look out for them .
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
July 12th, 2007, 07:47 PM
amazing that pump-n-dumps still actually work... (assuming that they must or they wouldn't be still used).
By cheyenne1212 in forum Miscellaneous Security Discussions
Last Post: February 1st, 2012, 01:51 PM
By ali1 in forum The Security Tutorials Forum
Last Post: January 1st, 2004, 10:59 AM
By R0n1n in forum *nix Security Discussions
Last Post: November 20th, 2002, 01:20 PM
By sweet_angel in forum Other Tutorials Forum
Last Post: November 7th, 2002, 12:19 AM
By E5C4P3 in forum The Security Tutorials Forum
Last Post: June 12th, 2002, 04:54 PM