Security Holes Not Required to Attack via PDF files
If the sheer amount of exploits in Adobe’s products over the last year haven’t scared you off yet, then maybe a PDF attack (that doesn’t require an exploit or JavaScript to run) will. Here’s a proof of concept video for your viewing pleasure:
Jeremy Conway, product manager at NitroSecurity, created this proof of concept for an attack in which malicious code is injected into a file on a computer as part of an incremental update, but which could be used to inject malicious code into any or all PDF files on a computer. So looks like a new generation of PDF Worms are coming soon.
The attack requires the user of the computer to allow the code to be executed by agreeing to it via a dialog box. However, the attacker could at least partially control the content of the dialog box that appears to prompt the user to launch the executable and thus use social engineering to entice the computer user to agree to execute the malware, said Conway.
|
|
Worse, another growing competitor to Adobe: Foxit PDF, does not even warn the user that code is about to be invoked. It just quietly lets the code run without any user interaction!
Turning off JavaScript would not prevent the attack. It also does not require that the attacker exploit a vulnerability in the PDF reader itself. The PDF reader incremental update capability “can be used as an infection vector,” said Conway. The attack “does not exploit a vulnerability. No crazy Zero-Day (exploit) is needed to make this work.“
Another PDF security specialist Didier Stevens has developed a PDF document which is capable of infecting a PC – without exploiting a specific vulnerability. The demo exploit works both in Adobe Reader and in Foxit. Stevens says he used the “Launch Actions/Launch File” option, which can even start scripts and EXE files that are embedded in the PDF document. This option is part of the PDF specification.
Stevens intends to keep his PDF document with the embedded code under wraps until the vendors respond. However, he has provided a document (direct download) which launches the command prompt when the PDF file is opened. When tested by the TechChunks Security team, this worked under Windows 7 with the current versions of Adobe Reader and Foxit. In principle, this concept is also said to be suitable for starting an FTP transfer to download and start a trojan.
|
|
The authors are not releasing the method, but I can tell you that once the concept is released, which it has been, someone on the wrong side will figure it out soon enough. Adobe, Foxit and other PDF reader providers need to look into this ASAP and release a patch quickly.
World's Tiniest Rechargeable Battery Aims To Boost Gadget Up-times
3 Top Online Technology Revolutions that Rocked 2009
Video Showing Brand New iPad Getting Smashed by a Baseball Bat 
'Wikileaks - The Video Game' is a Hit; Stars Assange and Obama
TechChunks: Monthly Round Up Jan 2010
RIM Rebuffs Report, Can't Give India Access To Encrypted E-mail Data
Teri (3)
Rent Textbooks. (2)
used tires (2)
Adeline (1)
Best Andriod Tablets R... (1)
Damn mate, these hacker people are not even leaving PDFs. PDFs are my next fav file format after MP3 and I love collecting them. My whole comp is filled with PDFs. Now if these kind of malicious programs are attached with PDF then how will I download them :’( I hope these PDF reader providers do something about this vulnerability otherwise I am doomed
.-= Shiva | Netchunks´s last blogpost >> What is the real cost of the Apple’s IPad? =-.
hi shiva,
its same here, i love to read ebooks and i have a lot of these pdf books on my computer, hope my anti-virus works on those…
curse you all pdf hackers…
Unfortunately as the idea of such an attack is still in the “proof-of-concept” phase, I doubt if any antivirus is equipped to guard you against any such attack.
And the fact that these types of PDF attacks don’t need any exploits or need the javascripts to be enabled makes it even more scarier.
Hey bro thanks for the tips in the post in my blog
I deleted it so that it does not cause any more problem. Thanks for helping out
.-= Shiva | Netchunks´s last blogpost >> Microsoft to roll out Pink Social Smartphones on April 12 =-.
No problems!
Social comments and analytics for this post…
This post was mentioned on Twitter by InfoSec: PDF’s are The New Vector for Malware – PDF Worms Coming … http://bit.ly/daVD10 #threats2watch…
Security response teams at Adobe and FoxIt are investigating ways to mitigate a new PDF hack that allows the execution of an embedded executable without exploiting any security vulnerabilities. …
Now I have one more reason to blame adobe
They created the PDF file format…
.-= Siddhu´s last blogpost >> Tips to write better articles =-.
LOL. Looks like you are an ardent Apple fan!
I’m also commenting to let you understand of the wonderful experience my wife’s child gained reading through your blog. She noticed some things, most notably how it is like to have an excellent teaching spirit to get many others without hassle thoroughly grasp a variety of tricky things. You truly surpassed my expectations. I appreciate you for offering these important, trustworthy, revealing and in addition fun tips about the topic to Gloria.