Trusteer Warns of Impending Wave of PDF malware attacks

(PresseBox) (LONDON)
A structural flaw in the Adobe PDF format - which is widely used to distribute documents across multiple computing platforms - can be exploited to install almost any malware on a user's computer.

According to Trusteer, the browser security and fraud prevention specialist, security researcher Didier Stevens' demonstration of a multistage misuse of Adobe's '/Launch' function - which is part of the PDF feature set - poses a potentially serious threat to organisations and individuals.

The demonstrated attack allows criminals to embed a malicious executable file inside a simple PDF file. When the user opens the PDF the malicious executable runs.

"Whilst Acrobat Reader normally display a warning that an executable inside a PDF file is being launched, Stevens appears to have found a way to modify the alert and fool users into approving the action," said Mickey Boodaei, Trusteer's CEO.

"Our research team were quickly able to replicate Didier's findings and there is every reason to believe this exploit will be added to the multiexploit Adobe hacker toolkits in use by cybercriminals," he added.

As a result of this potentially very serious attack vector on Acrobat and Reader, Trusteer is advising all users to disable the function of running PDF-embedded attachments within Adobe's software. This, he notes, can be achieved quite easily from the settings option within the software or, as Adobe has advised in a security blog, by a direct Registry setting change.
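As an added illustration (not code from Trusteer, Adobe or Didier Stevens), the following Python triage check flags PDF files that contain a /Launch action so a mail or web gateway can hold them for review. The function names and the sample bytes are constructed for this example, and the scan assumes the relevant objects are not stored inside compressed object streams.

```python
import re

# Names flagged during triage. /Launch is the action discussed above; the
# others are a defender's watch list of keys that trigger actions on open or
# carry embedded files (the watch list itself is an assumption of this example).
WATCHED = ("Launch", "OpenAction", "AA", "EmbeddedFile")

# A PDF name is "/" followed by characters that are neither whitespace nor
# delimiters. Inside a name, "#xx" encodes one byte in hexadecimal, so
# "/La#75nch" and "/Launch" are the same name to a PDF reader.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so differently spelled names compare equal."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf_bytes(data: bytes) -> dict:
    """Count watched names in raw PDF bytes.

    Limitation: dictionaries hidden in compressed object streams are not
    seen, and a name quoted inside a text string can cause a false positive.
    """
    counts = {name: 0 for name in WATCHED}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def flagged(data: bytes) -> list:
    """Return the watched names present in the file, sorted."""
    return sorted(n for n, c in scan_pdf_bytes(data).items() if c)


# Constructed, inert fragments (no file or command is referenced).
SAMPLE_LAUNCH = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                 b"2 0 obj\n<< /Type /Action /S /La#75nch >>\nendobj\n")
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    print(flagged(SAMPLE_LAUNCH), flagged(SAMPLE_CLEAN))
```

A plain substring search for `/Launch` would miss the first sample because the name is hex-escaped; decoding names before comparing closes that gap.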

Boodaei says he anticipates that cybercriminals and hackers will try to exploit this structural Adobe issue using social engineering techniques, which lure Internet users into a false sense of feeling safe. Social engineering, he explained, is becoming an increasingly important tool used by criminals.

"Many security solutions such as antivirus and personal firewalls rely on Internet users to make the right choice," he said. "They present technical messages that are hard to understand and expect users to decide what to do with them. Acrobat Reader works similarly by expecting Internet users to understand the security implications of running an embedded file. Stevens' attack makes it harder for users to make the right choice as it allows criminals to tamper with the message that Acrobat presents and use social engineering techniques to convince users to take the wrong choice."

"Over the last year we've seen criminals effectively using social engineering attacks to bypass various security systems such as twofactor authentication, transaction verification, and desktop security," he said.

For example, he says, with transaction verification criminals are now using man-in-the-middle and man-in-the-browser attacks to change messages on banks' Web sites and convince customers to approve fraudulent transactions. Instead of presenting the normal instructions for approving a transaction, criminals change the webpage to include instructions on how to approve a fraudulent transaction. Most users just follow instructions and look for the easiest and quickest way of getting something done. They don't stop to think whether every step they take is reasonable behavior.

Going forward, Boodaei says that financial institutions and enterprises should evaluate the vulnerability of their security systems to social engineering attacks and consider measures to protect against them.

"Internet users can do their part by installing a browser security layer such as Trusteer's Rapport software (, which is offered as a free download by banks such as HSBC, RBS/NatWest and the Santander Group. This will help to protect their online banking account sessions."

For more on Trusteer: