f5-nz logo
Story image

PDF exploits run rampant

30 Apr 2010

As the popularity of free PDF readers has increased so too has the malware which exploits the software's vulnerabilities, a McAfee security researcher said Wednesday.

Toralv Dirro, a security strategist with McAfee Labs, says that the amount of malware designed to target security flaws in PDF readers has skyrocketed in recent times, jumping from 2% in 2007 to 28% in this year. 

The most far reaching of the exploits is a variation of an 'Emold' or 'Auraxx' Windows worm which is known to affect both Adobe PDF reader and Foxit PDF reader.

The scam works by sending bogus emails to users with the subject line "setting for your mailbox are changed". 

The body text says: "SMTP and POP3 servers for [your email address] mailbox are changed. Please carefully read the attached instructions before updating settings."

A PDF is attached claiming to be instructions on how to adjust email settings, but in fact, contains malware. 

To protect yourself Microsoft recommends that users disable the autorun feature (instructions here) and only open attachments which are known to be safe.

Adobe recommends updating the patched version of Adobe Reader as soon as possible