Quicksilver
Diss Member
Join Date: Jul 2002
Location: SC - (Aiken in the 'other' SC)
Posts: 5,022
Quote:
Originally Posted by imcarthur View Post
Thanks for the advice, Wayne. What is the story on Adobe PDF reader? Is it really that vulnerable?

Ian
Basically you can craft a PDF file to reference external data. The exploit is that you can get it to call a remote executable and there is no way to patch any current version of Adobe Acrobat or Adobe Reader to stop it. Adobe knows this so I would expect Acrobat 10 to slam the door on this but I don't think they are going to release a new version this year.

I had a URL to a site that was using this attack method a couple months ago and I spent a bit of time playing with it. I tried all Adobe versions of Acrobat and Reader from 6 thru 9 and the webpage would fire Adobe in the background so you would only see it in TaskMgr. Once Acrobat fired off it would then start loading a stream of different attack code. Most of the names were randomly generated but when you look at the actual files it was a systematic attack. The interesting bit was it used different attack code if you were in Firefox as opposed to Internet Explorer.

I see a fair quantity of the aftermath of attacks on computers but after seeing this and doing some reading I switched to Foxit as the default for PDFs. I've left Adobe on the system but it has to be manually opened. I've also loaded VMware on my home system with a couple different virtual machines. I have one I use for banking and nothing else. I use one of the others to look at sites that are questionable. If it gets hosed I just make a new copy of the boot image.

The nature of viruses has changed radically in the last couple years and in the last year it has become single-minded and vicious. We are seeing attacks that are crafted to attack specific people! It is just amazing. This spring I had a customer in Louisiana who works with his wife that suffered a targeted attack. His wife received an email that said it was from his email address, had her name in it, and had a link to some "airline tickets". They were about to go on a trip so of course she clicked the link in the email from her husband. The email actually came from an IP address in the UK and the link loaded an attack that we couldn't remove so we had to send out a new drive and copy her data to it.
__________________
- "Speed kills! How fast do you want to go?" - anon.
- "If More is better then Too Much is just right!!!" - Mad Mac Durgeloh

--
Wayne - 87 Carrera coupe -> The pooch.
07-07-2009, 10:16 PM