Embedded PDF executable hack goes live in Zeus malware attacks (Ryan Naraine at ZDNet)
Yes, there has been a lot of coverage of Adobe Reader vulnerabilities, and this post is no exception, with good reason: this one is being actively exploited.
This is the same /launch vulnerability built into Adobe Reader that was being exploited to run malicious code. This attack also arrives via email, and the PDF has an attachment embedded within the document. The embedded file is executable, and if you run it, it will install the Zeus bot on your computer.
From the article:
Here are the instructions for mitigating a potential attack:
* Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting > Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”
As with any attachment, it is important to download PDF files from email rather than opening them directly from the email, so you can virus scan the file before opening it.
If you are using Firefox, one way to keep PDF files from opening in the browser is to install the PDF Download extension, which lets you download a PDF file rather than open it in the browser. It also gives you a chance to decide whether this is really what you want to do.
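Once a PDF has been saved to disk as described above, it can also be checked for the two features this attack relies on, a Launch action and an embedded file, before it is opened. The following Python script is an added example, not code from the ZDNet article or from Adobe; the script name `pdf_triage.py` and the sample byte strings are constructed for illustration, and the scan only sees names in uncompressed parts of the file.

```python
import re
import sys

# PDF names can hide characters as #xx hex escapes (/L#61unch is /Launch).
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME = re.compile(rb"/([A-Za-z0-9#_.\-]+)")

# Names tied to this attack, plus ObjStm (compressed objects this scan cannot see).
WATCHED = ("Launch", "EmbeddedFile", "EmbeddedFiles", "OpenAction", "ObjStm")

# Constructed sample, not from a real file: catalog fragment with an obfuscated Launch action.
SAMPLE_SUSPECT = (b"%PDF-1.6\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R "
                  b"/Names << /EmbeddedFiles 3 0 R >> >>\nendobj\n"
                  b"2 0 obj\n<< /Type /Action /S /L#61unch >>\nendobj\n")
# Constructed sample: a plain single-page catalog fragment.
SAMPLE_PLAIN = b"%PDF-1.6\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes in a PDF name token."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf_bytes(data: bytes) -> dict:
    """Count watched name tokens in the raw (uncompressed) bytes of a PDF."""
    counts = dict.fromkeys(WATCHED, 0)
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def needs_review(counts: dict) -> bool:
    """True if the file can launch a program or carries an attachment."""
    return any(counts[k] for k in ("Launch", "EmbeddedFile", "EmbeddedFiles"))


if __name__ == "__main__":
    # Usage: python pdf_triage.py saved_attachment.pdf  (no argument scans the sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SUSPECT
    result = scan_pdf_bytes(data)
    print(result, "REVIEW BEFORE OPENING" if needs_review(result) else "no launch/attachment names seen")
```

A nonzero `ObjStm` count means some objects are stored compressed and were not inspected, so a clean result does not replace the virus scan.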