Wednesday, May 22, 2013

Dangerous PDF Files

Microsoft published a list of eight file names of known virus-infected PDF files that have repeatedly been seen as carriers of virus infections:
  • pdf_new[1].pdf
  • auhtjseubpazbo5[1].pdf
  • avjudtcobzimxnj2[1].pdf
  • pricelist[1].pdf
  • couple_saying_lucky[1].pdf
  • 5661f[1].pdf 7927
  • 9fbe0[1].pdf 7065
  • pdf_old[1].pdf
What does that mean for you? Beware of any email attachment with any of these or similar file names!

One easy security measure, which protects against exactly this type of virus and nothing else, is to disable Javascript in your PDF reader. This depends on having the latest version of the PDF reader installed.

If you use Adobe Reader, at the time of writing the latest version is 11.0.3. Open the Edit menu and click on Preferences (or type Ctrl+K). In the Preferences window, click on Javascript in the left sidebar. Then first remove the check mark next to "Enable global object security policy" and then the one next to "Enable Acrobat Javascript". Then click OK to close the Preferences window. This is what the window looks like (emphasis added):

If you still have Adobe Acrobat installed, please remove it and replace it with PDF-XChange Viewer! Well, if you actually use Adobe Acrobat regularly to create PDF documents, then keep it up to date and use it at your own risk.

Update May 27 2013:

If you use PDF-XChange Viewer, at the time of writing the latest version is 2.5.210. Open the Edit menu and click on Preferences, select JavaScript, uncheck Enable JavaScript Actions and click “OK”. This is what the window looks like (emphasis added):

If you use a different PDF reader, you have to find out whether it allows embedded Javascript to be executed. If so, find out how to disable it.

Again, this avoids only Javascript viruses embedded in PDF files.
If you run any version of Adobe Reader older than 11.0.3, please upgrade immediately! After an upgrade you have to check whether another, older version of Adobe Reader is still installed; if so, remove it!

Should you have any difficulties with any of the above, I will be glad to help. For things like these I do not need to come to your house; they can be fixed remotely.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

