Symantec has been working hard on documenting the behavior of PDF attachments that carry malware and arrive attached to forged emails. Enterprise users and home users alike let their guard down and open attachments that appear to come from people they know. As has been blogged about previously, a modern infection hijacks the machine without the end user noticing. On a phone this happens mostly through the Android marketplace, but on a computer (and on a mobile device as well) it can start with an opened email attachment; the malware then harvests the victim's email address book so that the next wave of messages appears to come from a trusted contact.
These campaigns started several years ago with poor English and attachments that most antivirus software could detect. Today the grammar is better and the attachment is a genuine-looking document. The biggest reason these spam emails succeed is readers that are not kept updated: Adobe Reader and Acrobat, as well as Foxit Reader. So many current attacks arrive through this kind of attachment that the PDF reader is quickly becoming a preferred means of attack, which is why regular updates to Adobe Reader and Acrobat Standard matter.
According to Symantec, current malicious PDFs are themselves ENCRYPTED, which is why anti-virus scanners almost never detect them: where the exploit or embedded script would be, a scanner that does not decrypt the file sees only ciphertext, while Adobe Reader opens the document without any prompt because the file is encrypted with an empty user password and the reader derives the key itself.
…Symantec…detects PDF malware that leverage old vulnerabilities, but with AES-256 encryption…
Newer PDF malware uses this stronger form of encryption, and at the time of writing Symantec's scanner was not catching it. The Symantec blog suggests:
Please be sure to keep your virus definitions up-to-date. Users of Adobe Reader and Acrobat version 9.x for Windows should also upgrade to the newest version as soon as possible. Additionally, Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of the type currently targeting this vulnerability from executing.
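To make the evasion described above concrete, here is an added triage script (my own example, not Symantec's code and not from the original post) that parses a PDF's trailer for an /Encrypt entry, reads the standard security handler's /V and /R values to name the cipher, checks for revision 5 (the AES-256 form Acrobat 9 wrote) whether the user password is empty so the file opens with no prompt, and lists which action keys (/OpenAction, /JavaScript, /Launch, ...) a non-decrypting scanner can still see. The two sample files are constructed inline and are not real malware; the salts, object numbers and the 16 stream bytes standing in for ciphertext are arbitrary placeholders. One nuance the script exposes: an encrypted PDF still shows its dictionary names in cleartext, because only strings and streams are enciphered, so the scanner can see that there is JavaScript but not what it does.

```python
"""Triage a PDF attachment the way a scanner that does not decrypt it sees it:
is the file encrypted, with which cipher, does it open without a password, and
which action keys are visible in the clear.

Added example; not Symantec's code. Only the standard security handler's
revision 5 empty-password check (AES-256 as Acrobat 9 wrote it) is implemented;
revision 6 (ISO 32000-2) uses an iterated hash that is omitted here.
"""
import hashlib
import re
from typing import Optional

# ---- constructed samples (not real malware; object numbers and bytes are arbitrary) ----
PLAIN_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /JavaScript /JS (app.alert('script body visible in the clear')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Revision 5 /U entry = SHA-256(user password + validation salt) || validation salt || key salt.
# Built here with an EMPTY user password, which is what lets Reader open the file silently.
_VALIDATION_SALT = bytes(range(1, 9))    # arbitrary placeholder salt
_KEY_SALT = bytes(range(17, 25))         # arbitrary placeholder salt
_U_EMPTY_PASSWORD = hashlib.sha256(b"" + _VALIDATION_SALT).digest() + _VALIDATION_SALT + _KEY_SALT

ENCRYPTED_PDF = (
    b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Filter /Standard /V 5 /R 5 /Length 256 /P -1
   /O <00> /U <""" + _U_EMPTY_PASSWORD.hex().encode() + b"""> /OE <00> /UE <00> /Perms <00> >> endobj
4 0 obj << /S /JavaScript /JS 5 0 R >> endobj
5 0 obj << /Length 16 >> stream
\x8a\x1f\x3c\xd2\x77\x05\xe1\x9b\x40\xaa\x13\x6e\xf0\x2c\x58\xb7
endstream endobj
trailer << /Root 1 0 R /Encrypt 3 0 R /ID [<0102> <0102>] >>
%%EOF
"""
)

# Action keys worth flagging. They are PDF names, which stay in cleartext even
# in an encrypted file; only their string/stream payloads get enciphered.
RISKY_KEYS = {
    "JavaScript": rb"/JavaScript\b|/JS\b",
    "OpenAction": rb"/OpenAction\b",
    "Launch": rb"/Launch\b",
    "AdditionalActions": rb"/AA\b",
    "EmbeddedFile": rb"/EmbeddedFile\b",
}


def find_object(pdf: bytes, num: int, gen: int = 0) -> bytes:
    """Return the body of the first `num gen obj ... endobj` in the file, or b''."""
    m = re.search(rb"(?<!\d)%d %d obj(.*?)endobj" % (num, gen), pdf, re.S)
    return m.group(1) if m else b""


def encryption_info(pdf: bytes) -> Optional[dict]:
    """Follow the trailer's /Encrypt reference; return filter, /V, /R and /U, or None."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R\b", pdf)
    if not ref:
        return None
    body = find_object(pdf, int(ref.group(1)), int(ref.group(2)))

    def int_entry(key: bytes) -> Optional[int]:
        m = re.search(rb"/" + key + rb"\s+(-?\d+)", body)
        return int(m.group(1)) if m else None

    filt = re.search(rb"/Filter\s*/(\w+)", body)
    u_hex = re.search(rb"/U\s*<([0-9A-Fa-f]*)>", body)
    return {
        "filter": filt.group(1).decode() if filt else None,
        "V": int_entry(b"V"),
        "R": int_entry(b"R"),
        "U": bytes.fromhex(u_hex.group(1).decode()) if u_hex else b"",
    }


def cipher_name(info: dict) -> str:
    """Map the standard security handler's /V and /R to the algorithm in use."""
    v = info.get("V")
    if v == 5:
        return "AES-256 (revision %s)" % info.get("R")
    if v == 4:
        return "AES-128 or RC4-128 via crypt filters"
    if v in (1, 2):
        return "RC4"
    return "unknown (/V %s)" % v


def opens_without_password(info: dict) -> Optional[bool]:
    """Revision 5 only: SHA-256(user password + validation salt) must equal the
    first 32 bytes of /U. True means Reader opens the file with no prompt.
    Returns None for revisions this helper does not validate."""
    if info.get("filter") != "Standard" or info.get("R") != 5 or len(info["U"]) < 40:
        return None
    stored_hash, validation_salt = info["U"][:32], info["U"][32:40]
    return hashlib.sha256(b"" + validation_salt).digest() == stored_hash


def triage(pdf: bytes) -> dict:
    """Report what a scanner that does not decrypt the file can actually see."""
    info = encryption_info(pdf)
    visible = sorted(name for name, pat in RISKY_KEYS.items() if re.search(pat, pdf))
    if info is None:
        verdict = "suspicious: risky keys in cleartext" if visible else "no risky keys seen"
        return {"encrypted": False, "cipher": None, "silent_open": None,
                "risky_keys": visible, "verdict": verdict}
    verdict = "decrypt before scanning"
    if visible:
        verdict += "; action keys present but their payload is ciphertext"
    return {"encrypted": True, "cipher": cipher_name(info),
            "silent_open": opens_without_password(info),
            "risky_keys": visible, "verdict": verdict}


if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_PDF), ("aes256", ENCRYPTED_PDF)):
        print(label, triage(sample))
```

Run stand-alone it prints one triage record per sample. On a mail gateway you would feed the attachment bytes in and route anything that is encrypted yet opens silently to a decrypting scanner or a sandbox, rather than passing it on the strength of a signature miss; a file that genuinely needs a password the sender had to communicate is a different, and less suspicious, case.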
If you have applied the latest patches to Adobe Reader, you should be in good shape. If you do not check for updates, or have been declining Adobe's update prompts, update immediately; upgrading from 9.x to Reader X matters beyond the individual patch, since Protected Mode sandboxes the renderer. As a best practice: reboot the computer, open nothing except Adobe Reader, go to the Help pull-down menu and choose Check for Updates..., and when it finds an update, download and install it right away.
NOTE: Adobe's updater does not list every missing update at once; it offers them one at a time. Check for updates again after each patch until no more are available.
This, along with many other measures, helps keep your network from being compromised by infections. Contact Menlo Technical Consulting today to have a network security analysis performed and to discuss how best to protect your networks and servers.