Symantec’s latest white-paper reports that the top web-based attacks observed in 2009 were primarily targeted towards vulnerabilities in Internet Explorer and applications that process PDF files. Apparently 49% of all web attacks (up from 11% in 2008) was based on injecting malicious code into a perfectly innocent looking PDF file. This new type of exploit will display a simple dialog, appearing to innocuously enable the viewing of encrypted content. Clicking “accept” will then launch and install the malware on your computer. The truly deadly threat of this exploit is that it is embedded into the PDF file itself, and so it affects all PDF readers.
Therefore, it is more important than ever to ensure that your PDF reader is secured from launching malicious code.
If you are using the latest Adobe Reader, you can ensure that you are protected by going to Edit -> Preferences -> Trust Manager and uncheck “Allow opening of non-PDF file attachments with external applications”.
If you use the more lightweight alternative Foxit PDF Reader, the method is similar. In Foxit when you click on an external link you see the following dialog:
So, in Foxit you are protected by default. However, if you are sure that the file you are trying to open is secure you can disable this feature by navigating to Tools > Preferences > Trust Manager and uncheck “Enable Safe Reading Mode”.
Snippet is a short tip/trick or just a quick fix for a certain issue that we discover from time to time. Don’t forget to subscribe to our RSS feed for more up to date tutorials/tips/tricks.
Image credit: fpsurgeon
Receive the latest update in your inbox.