Adobe Reader Malicious Attacks

Posted by admin on April 19, 2010 | No Comments

Identity thieves are now using the “/launch” command feature in Adobe Reader to launch malicious attacks. It is the same “feature” that’s been in the news in recent weeks.

When the PDF is opened In Adobe Reader with JavaScript enabled, a dialog box is displayed asking the user to “Specify a file to extract to”.

This could be somewhat confusing to users, and not really knowing what is happening, they may just click save (It appears as if they are just saving a PDF file after all). Adobe is considering a patch to change the behavior of the software. In the meantime, the company is suggesting that users configure its PDF Reader product to limit the damage from an attack.

Here are the instructions for mitigating a potential attack:

Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting > Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”

Bookmark and Share

Filed under Security | Tagged with

Comments

Share Your Thoughts

Have a question or something to say? We'd love to hear from you!




Green Business Certified
Custom Design & Wordpress Theme by Auxano Creative