Security Holes Not Required to Attack via PDF files
Jeremy Conway, product manager at NitroSecurity, created this proof of concept for an attack in which malicious code is injected into a file on a computer as part of an incremental update. The same technique could be used to inject malicious code into any or all PDF files on a computer. So it looks like a new generation of PDF worms is coming soon.
The attack requires the user of the computer to allow the code to be executed by agreeing to it via a dialog box. However, the attacker could at least partially control the content of the dialog box that appears to prompt the user to launch the executable and thus use social engineering to entice the computer user to agree to execute the malware, said Conway.
Worse, Foxit PDF, a growing competitor to Adobe, does not even warn the user that code is about to be invoked. It just quietly lets the code run without any user interaction!
Another PDF security specialist, Didier Stevens, has developed a PDF document which is capable of infecting a PC without exploiting a specific vulnerability. The demo exploit works both in Adobe Reader and in Foxit. Stevens says he used the “Launch Actions/Launch File” option, which can even start scripts and EXE files that are embedded in the PDF document. This option is part of the PDF specification.
Stevens intends to keep his PDF document with the embedded code under wraps until the vendors respond. However, he has provided a document (direct download) which launches the command prompt when the PDF file is opened. When tested by the TechChunks Security team, this worked under Windows 7 with the current versions of Adobe Reader and Foxit. In principle, this concept is also said to be suitable for starting an FTP transfer to download and start a trojan.
The authors are not releasing the method, but I can tell you that once the concept is released, which it has been, someone on the wrong side will figure it out soon enough. Adobe, Foxit and other PDF reader providers need to look into this ASAP and release a patch quickly.
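Until readers are patched, files can be triaged for the feature itself. The sketch below is an added example, not code from Conway, Stevens or TechChunks: it counts Launch-related names in each revision of a PDF, so a Launch action that arrived through an incremental update stands out. The `verdict` policy and the `SAMPLE` bytes are assumptions constructed for illustration.

```python
import re

# Name tokens tied to the behaviour described above: the Launch action,
# its automatic triggers, and files embedded in the document.
SUSPICIOUS = (b"/Launch", b"/OpenAction", b"/AA", b"/EmbeddedFile")

def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes allowed in PDF names (/L#61unch is /Launch)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def scan_pdf(data: bytes) -> dict:
    """Count suspicious names per revision; each %%EOF closes one revision,
    so anything after the first one arrived as an incremental update."""
    revisions = [r for r in data.split(b"%%EOF") if r.strip()]
    hits = []
    for idx, rev in enumerate(revisions):
        norm = decode_names(rev)
        for name in SUSPICIOUS:
            # Require a non-alphanumeric follower so /AA does not match /AAPL.
            count = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", norm))
            if count:
                hits.append((idx, name.decode(), count))
    return {"revisions": len(revisions), "hits": hits}

def verdict(report: dict) -> str:
    """Assumed policy: Launch plus an automatic trigger is quarantined."""
    names = {name for _, name, _ in report["hits"]}
    if "/Launch" in names:
        return "quarantine" if names & {"/OpenAction", "/AA"} else "review"
    return "pass"

# Constructed, non-functional sample (no xref table or trailer): a clean first
# revision, then an appended revision with a hex-escaped Launch name.
SAMPLE = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 3 0 R >>\nendobj\n%%EOF\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 3 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /L#61unch /F (PLACEHOLDER) >>\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    report = scan_pdf(SAMPLE)
    print(report, verdict(report))
```

Names stored inside compressed object streams are invisible to a byte-level scan like this one, so a "pass" result is not proof that a file is clean.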