Massive security Hole in Windows & Adobe
Posted: 2007-10-27 11:21am
by Edi
Haven't seen this posted, but since I need to deal with fallout from shit like this at work, might as well spread the word:
http://www.theregister.co.uk/2007/10/26 ... x_windows/
Basically, patch your Adobe Reader to v8.1.1 and be on your toes after that. Even then, you might get hosed. Machines that get infected by the Adobe PDF vulnerability or through the Windows one tend to become spam servers spewing out maliciously constructed PDFs to spread the infection.
Posted: 2007-10-27 04:25pm
by Einhander Sn0m4n
Feel free to consider this post trolling, but I use Foxit for my PDF needs. Adobe's too bloaty for my tastes (why I switched in the first place), and this PDF spam sploit is even more reason to use anything else.
Posted: 2007-10-27 06:02pm
by Ace Pace
Einhander Sn0m4n wrote: Feel free to consider this post trolling, but I use Foxit for my PDF needs. Adobe's too bloaty for my tastes (why I switched in the first place), and this PDF spam sploit is even more reason to use anything else.
Caveat, some of us need Adobe because Foxit doesn't fully deal with some complex PDFs with many layers, or some stuff doesn't render properly. I've had to deal with such PDFs quite a bit, and others (such as Zod) also had.
Posted: 2007-10-28 11:26am
by Edi
It should be noted that even though Adobe 8.0 had a vulnerability, the deeper issue is still in Windows XP itself and how it passes information to 3rd party programs, so even without Adobe Reader, you can get fucked by this problem. IE7 is one of the programs affected. So until MS fixes it, any PDF on the net is a potential landmine.
Fun fact regarding the malware that infects your machine through this exploit: It has anti-AV capabilities. I don't know just how many security software suites it can hamper, but it can avoid detection by F-Secure except by indirect means (the outgoing PDF spam is noticed, but its cause is not) and it can terminate F-Secure virusscan prematurely. No idea what it does with Norton and the other big name AV software.
So this is not something you really want to risk unless you like nuking and reinstalling your computer.
Posted: 2007-10-28 01:53pm
by JLTucker
Thanks for the heads up, Edi. It is much appreciated.
Posted: 2007-10-28 02:34pm
by Praxis
Einhander Sn0m4n wrote: Feel free to consider this post trolling, but I use Foxit for my PDF needs. Adobe's too bloaty for my tastes (why I switched in the first place), and this PDF spam sploit is even more reason to use anything else.
I've found that most third-party PDF viewers (including Leopard's Preview, which is far better performing than Adobe's own software and my preferred viewer) completely screw up when opening complex PDFs; specifically, encrypted ones locked to a user name and password that use a web server to authenticate. They seem to only work with Adobe's product.
I installed Adobe's viewer but didn't set it as default so I never see it unless I need it.
I'm just glad I'm on a Mac and don't have to worry about this. Still, I'm sure I'll be fixing it at work.
Edi wrote: Fun fact regarding the malware that infects your machine through this exploit: It has anti-AV capabilities. I don't know just how many security software suites it can hamper, but it can avoid detection by F-Secure except by indirect means (the outgoing PDF spam is noticed, but its cause is not) and it can terminate F-Secure virusscan prematurely. No idea what it does with Norton and the other big name AV software.
So this is not something you really want to risk unless you like nuking and reinstalling your computer.
Ah crap. I just know SOMEONE will download this at work and infect half the network and I'll be stuck with cleanup duty, reformatting machines one at a time.
Posted: 2007-10-28 02:55pm
by RThurmont
This causes me to appreciate Evince and XPDF more vigorously. That said, it is indeed a disturbing problem, in that the PDF was generally viewed as one of the last "safe" formats for sending data.
Posted: 2007-10-29 11:28pm
by Guardsman Bass
Is there any way to get around its potential ability to shut off virus scans? Can you run a better diagnostic in safe mode?
Posted: 2007-11-04 03:23am
by His Divine Shadow
Fuck, I need to check the boss' computer on Monday, ASAP. He just installed a new Adobe reader and had some problems with it.
Posted: 2007-11-04 03:31am
by InnocentBystander
So this doesn't impact Vista machines, right?
Posted: 2007-11-04 04:20am
by Pu-239
RThurmont wrote: This causes me to appreciate Evince and XPDF more vigorously. That said, it is indeed a disturbing problem, in that the PDF was generally viewed as one of the last "safe" formats for sending data.
Unfortunately, evince seems to leak prodigious amounts of memory, and doesn't render PDFs as well (letters seem misaligned). I use it as the default though since it does load substantially faster.