Friday, October 09, 2009

More Adobe PDF Viruses On The Loose Patch On The Way

"You can get viruses from a PDF?" you say??
YES you CAN!!! and Seth Hardy of Symantec's MessageLabs just did a talk the other day at SecTor 2009 about how he's been able to (in a test lab) create a virus, embed it in a PDF and get past every known antivirus. This is scary stuff folks, and there is one little thing you can do to stop most of it.

HelpNet Security says that a new round of these viruses is out in the wild and Acrobat 9.1.3 is vulnerable, but a patch is coming on Oct. 13th. In the meantime they recommend turning off Javascript.

Open up Adobe Reader/Acrobat and turn off JavaScript! Yes, PDFs can have Javascript, though you've probably never even seen a PDF file that legitimately uses Javascript.

Here is how you do it in Reader 9.1.x :
Click on the Edit menu, click Preferences.

Select Javascript from the Categories menu.
Click the checkbox OFF next to Enable Acrobat JavaScript
Post a Comment