cPanel for web hosting account

[mamedesign]

PDF files can be used for spreading malware for cleaning PDF files stored on the target computer running Acrobat reader or Foxit reader PDF software. The concept for proof of concept for an attack for malicious coding is injected into a file on computer as a part of incremental update, which can be used for injection of malicious coding into any or all PDF files on the system.

The attack needs the user of computer for allowing the code for being executed by making agreement to it through dialog box. The attacker could control the content of dialog box, which appears for prompting the user for launching the executable and using social engineering for enticement of computer user for agreeing for execution of malware. Turning off the JavaScript would not prevent the attack. It does not need that the attacker exploits susceptibility in PDF reader.

PDS reader incremental update can be used as infection vector and the attack does not make exploitation in vulnerability. There are proofs of concept attack and details are given for the weakness in PDF readers, which was discovered by security researchers. A researcher David Stevens was able to launch and run an executable file within PDF by using a multi part script process. The researchers are investigating the ways for mitigation of risks from such attacks.

Foxit takes the security concerns more seriously and focus on the engineering resources for determining the main cause of the problem and getting a safe solution for the same. The security concern has made development team to work out a resolution, which was determined within a period lesser than 24 hours and updated version was made public in a short period of time.

The problem resulting from PDF reader software allowed .exe files to be opened or launched from within the program. Most of the users did not use the additional functionality. PDF software firms can provide a minimalistic version of PDF readers, which does not permit other kinds of programs for getting launched and allowed the users for making decision about the specific kinds of executables they want to provide within the program.

source : Kvcwebhosting News

[hena]

Hello
Portable Document Format (PDF) files could be used to spread malware to clean PDF files stored on a target computer running Adobe Acrobat Reader or Foxit Reader PDF software, a security researcher warned on Monday.

Jeremy Conway, product manager at NitroSecurity, created a proof of concept for an attack in which malicious code is injected into a file on a computer as part of an incremental update, but which could be used to inject malicious code into any or all PDF files on a computer.

The attack requires the user of the computer to allow the code to be executed by agreeing to it via a dialog box. However, the attacker could at least partially control the content of the dialog box that appears to prompt the user to launch the executable and thus use social engineering to entice the computer user to agree to execute the malware, said Conway.

Turning off JavaScript would not prevent the attack. It also does not require that the attacker exploit a vulnerability in the PDF reader itself.

The PDF reader incremental update capability "can be used as an infection vector," said Conway. The attack "does not exploit a vulnerability. No crazy Zero-Day (exploit) is needed to make this work."

Conway's proof of concept attack--detailed here with more information here--takes advantage of the same weakness in PDF readers that security researcher Didier Stevens of Belgium discovered a week ago and explained on his blog.

Stevens was able to launch a command and run an executable within a PDF file using a multi-part scripting process. As a result of that research and blog post, researchers at Adobe and Foxit Software are investigating ways to mitigate the risks from such attacks, according to CNET sister site ZDNet.

An Adobe spokeswoman did not have a comment on Conway's hack, but ZDNet posted Adobe's comment on Stevens':

"Didier Stevens' demo relies on functionality defined in the PDF specification, which is an ISO standard (ISO PDF 32000-1:2008)," the statement said. "Section 12.6.4.5 of the specification defines the /launch command. This is an example of powerful functionality relied on by some users that also carries potential risks when used incorrectly. The warning message provided in Adobe Reader and Adobe Acrobat includes strong wording advising users to only open and execute the file if it comes from a trusted source. Adobe takes the security of our products and technologies very seriously; we are always evaluating ways to allow end-users and administrators to better manage and configure features like this one to mitigate potential associated risks."