Embedded PDF exe hack goes live in Zeus malware attack

For discussions about security.
Post Reply
Message
Author
User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

Embedded PDF exe hack goes live in Zeus malware attack

#1 Post by Flash »

http://blogs.zdnet.com/security/?p=6196&tag=nl.e550
[quote]Adobe is considering a patch to change the behavior of the software. In the meantime, the company is suggesting that users configure its PDF Reader product to limit the damage from an attack.

Here are the instructions for mitigating a potential attack:
  • * Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting > Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications

User avatar
Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#2 Post by Makoto »

I'll admit I haven't been paying close attention to the PDF format for a while... but since when could you embed things in a PDF that would require an external viewer? Isn't PDF supposed to be more or less self-contained?

Or was it just being nice and allowing users to specify their own viewers for some of the embedded files? Either way, you'd think that would practically invite an exploit of some sort... :(
[ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#3 Post by Lobster »

PDF includes a specialised programming language
. . . just as MS Office have powerful script option (programming)
I think OpenOffice has no or little macros support - is that right?

Firefox and Seamonkey contain XUL programming capacity
. . . and the list goes on . . . Perl, javascript, Actionscript (Flash language)

. . . and that is on top of the existing mainstream languages
http://puppylinux.org/wikka/ProgrammingLanguages
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

User avatar
Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#4 Post by Makoto »

Yeah, but I was wondering when Adobe thought it'd be a good idea to allow anyone to embed practically anything in a PDF (if that's the case), and allow even the remote possibility of opening another app to handle that content. That's potentially an avenue for risk, right there.

Hrm. I don't want to have to worry if my PDF reader for Linux, my handhelds, whatever, will be able to handle embedded videos in a PDF. :P
[ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).

User avatar
dru5k1
Posts: 72
Joined: Mon 12 Apr 2010, 01:15

#5 Post by dru5k1 »

haha, "We've shipped this with an open invitation to hackers... "IF" you check back at our website, then you'll be one of the lucky ones that "CAN" close this hole"

thanx for the good read Flash

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#6 Post by DMcCunney »

Lobster wrote:PDF includes a specialised programming language
Adobe embeds ActionScript, which is a variant of JavaScript, based on the ECMAScript specification (and Adobe and Mozilla are collaborating on future revisions to JavaScript and the ECMA standard.)
. . . just as MS Office have powerful script option (programming)
Microsoft includes a subset of Visual Basic called Visual Basic for Applications in the Office product line.
I think OpenOffice has no or little macros support - is that right?
It's wrong. Open Office includes a macro capability and a version of Basic. It's required for compatibility with MS Office files. There's an OO macro repository here: http://www.ooomacros.org/
Firefox and Seamonkey contain XUL programming capacity
XUL is an XML language for writing User Interfaces. You can use it with widgets to define what your application looks like. To go beyond that and actually do things you have to write in JavaScript.
. . . and the list goes on . . . Perl, javascript, Actionscript (Flash language)

. . . and that is on top of the existing mainstream languages
http://puppylinux.org/wikka/ProgrammingLanguages
And I think that entry is out of date. Isn't Perl a standard port of current Puppy distros? (If it isn't, it ought to be. It's in every [o]other[/i] Linux distro I'm aware of.)
______
Dennis

User avatar
Sit Heel Speak
Posts: 2595
Joined: Fri 31 Mar 2006, 03:22
Location: downwind

#7 Post by Sit Heel Speak »

DMcCunney wrote:Isn't Perl a standard port of current Puppy distros?
Perl has been in Puppy for years, maybe even from the beginning, look in /usr/bin and /usr/lib. 5.8.8 in older, 5.10.0 in the newest Puppies. 5.10.0 is required for building (though not using) Beesoft Commander, and maybe for the newest (April 17th) ImageMagick (I'll let you know in a few days).

Thank you very much for the rundown of scripting language inclusions!

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#8 Post by DMcCunney »

Sit Heel Speak wrote:
DMcCunney wrote:Isn't Perl a standard port of current Puppy distros?
Perl has been in Puppy for years, maybe even from the beginning, look in /usr/bin and /usr/lib. 5.8.8 in older, 5.10.0 in the newest Puppies. 5.10.0 is required for building (though not using) Beesoft Commander, and maybe for the newest (April 17th) ImageMagick (I'll let you know in a few days).
Thanks. I wasn't sure, because I automatically install it as one of the first additions to a new installation if the distro doesn't include it.
Thank you very much for the rundown of scripting language inclusions!
I just scratched the surface. TECO is available for Linux for the incurably retro (I posted a Linux version to the forums a while back). IBM's REXX language is available, in both Regina and IBM Object REXX builds. Lua gets used in Puppy, and is being embedded as a scripting language in a variety of things. (I believe Geany can be scripted in Lua.) TclTk is available for Puppy, as well as every other distro I'm aware of. Properly speaking, Python and Ruby are scripting languages, embeddable in other things, but each is powerful enough that complete applications can be written in it, similar to what is done with Java.

And that doesn't count shell scripting in ash, bash, csh, ksh, tcsh, or zsh among others.

Offhand, I think JavaScript may be the hot current scripting language. It was designed to be lightweight, object oriented, and embeddable, and there's a formal spec for it and several open source implementations (including on in Java) . Most important, given its wide usage in web development, there are a large number of developers working in it.
______
Dennis

Post Reply