3aIT Blog

 

We have seen an uptick of email from unknown sources with PDF attachments of late. It is worth restating that you should be very wary of ANY email from an unknown source regardless of the content. Attempts to compromise machines via email come in many forms. Most frequently, this will either be via a zip attachment, or a link to a malicious website. However, the people engineering these emails know that awareness of attacks in this form is increasing, so they are always on the lookout for new ways to trick people into compromising their machines. This recent spate of emails falls into that category.

PDFs can be used as a means to compromise a machine, and that is what is happening in this case. The attackers engineer a PDF in such a way that it exploits known issues with PDF reading software (usually, but not exclusively, Adobe Reader). Opening one of these PDFs won't necessarily cause anything obvious to go wrong at first, but it will have tried to run a script that starts gathering information about any financial transactions (bank / PayPal etc.) on the machine, and emails relating to this may then be sent.

The first thing to do here is ensure that your PDF reader is completely up to date. Usually, this should ensure that the holes in the software that these attackers are trying to exploit are not present, therefore rendering these attacks fruitless. However, in some cases, they are exploiting a hole in the way that ALL PDFs are created. If you open a PDF that has been engineered in this way, even the most recent versions of PDF software could be allowing this dangerous code to run. This will likely be resolved with an update in the coming weeks.

As usual, also ensure you have anti-virus software running and fully updated. We have seen scanners successfully identifying these files. However, never assume a file is safe if your anti-virus software doesn't object to it. These exploits are being tweaked all the time to try and bypass virus scanners.
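For anyone triaging a suspicious attachment before it is opened, the Python below is an added example (not 3aIT's tooling and not how any particular anti-virus product works) that lists the PDF name objects able to run a script or action when a document is opened. The two sample byte strings are constructed for illustration, and the list of names checked is an assumption about what is worth flagging.

```python
import re
from collections import Counter

# PDF name objects that make a reader run code or an action (assumed watch list).
ACTIVE_NAMES = {
    "JavaScript": "embedded script",
    "JS": "embedded script",
    "OpenAction": "action run when the file is opened",
    "AA": "additional automatic action",
    "Launch": "starts an external program",
    "EmbeddedFile": "file carried inside the PDF",
}

# A PDF name is "/" followed by characters, any of which may be written as #xx hex.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[A-Za-z0-9_.\-])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is read as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Return {name: count} for every active-content name found in the raw bytes."""
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no PDF header found")
    counts = Counter()
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            counts[name] += 1
    return dict(counts)


# Constructed samples: a plain document, and one that would run a script on open.
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
FLAGGED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\n"
           b"endobj\n3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("flagged", FLAGGED)):
        hits = triage_pdf(sample)
        print(label, {n: ACTIVE_NAMES[n] for n in hits} or "no active content names")
```

An empty result is not a clean bill of health: names inside compressed streams are not visible to this check, so treat it as one signal alongside the patching, anti-virus and spam filtering advice here.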

However, by far and away the best way to avoid problems like this is to have a robust spam scanning solution in place that prevents emails like these appearing in your inbox in the first place. While none of these are 100% effective (and therefore you should always be alert to such scams), some are very close to this figure. At 3aIT, we both use and recommend EPA's spam filtering service.