November 05, 2007 — CSO — There's good news, better news, and some pretty bad news about the PDF spam that flooded corporate mailboxes this summer. The good news is that the storm of spam vanished as quickly as it came. "The increase started mid-June and the latest report we saw indicated PDF spam dried up [in the last week of August]," says John Landwehr, director of security solutions and strategy at Adobe Systems. The summer PDF campaign hit hard and fast. According to IronPort, about 5 billion copies of one of the spams were sent out. By July PDF spam accounted for about 8 percent of all spam, according to Symantec.
The better news is that the PDFs were all straight spam, not attempted exploits. Unless youâ¬"re interested in dubious stock tips, the spam was harmless.
The bad news is the attack points to the potenÂtial for PDF exploits that could infect everything from a single computer to an entire network. And in fact, as this story went to press, Adobe was admitting that a critical vulnerability had been found in PDF files. The company had a workaround for the problem but was still trying to cobble together a patch. This flaw comes after versions of Acrobat Reader earlier than version 8 were discovered to have a nasty JavaÂScript cross-site scripting (XSS) vulnerability.
The problem of image spam didnâ¬"t start with PDFs and it wonâ¬"t end with them. The latest trend, which started showing up in July, is to embed the payload into an Excel XLS file. What makes these attacks particularly nasty is the social engineering component. PDF and XLS documents have more credibility with business users than a JPEG. If the average user gets an e-mail titled "complaint" containing nothing but a PDF, he or she will likely open it. Until this year, security vendors didnâ¬"t check PDFs and XLS files, because there wasnâ¬"t a problem with them and theyâ¬"re hard to check. Many antispam products didnâ¬"t check nondocument attachments at all. That has changed, and most antispam products now check PDFs as well as other forms of image spam. Getting spam in your corporate e-mail is still annoying, of course. But the danger is that the same technique could deliver Trojans, viruses, malware and other threats. That threat appears to have been realized with this latest critical vulnerability, which uses the "mailto:" e-mail function to inject malicious code into a PC. Adobe is telling customers to "use caution" when clicking on attachments.
Still, Acrobat Reader is well-nigh universal, and that makes it a tempting target. What is worse, a lot of users never update their version of Acrobat Reader, leaving them vulnerable to already patched bugs like the XSS bug found last December. It's important to realize that the XSS vulnerability probably wonâ¬"t be the last attack on PDF files. It is simply too juicy a target. ⬠Rick Cook
Read more about data protection in CSOonline's Data Protection section.
Other stories by Rick Cook
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- Introduction to VMware vCenter Site Recovery Manager 5
- Introduction to Virtualization
- Preventing Unplanned Downtime with Server Virtualization
- Secure Cloud Infrastructure and Next-Generation Data Centers - An Interactive Panel for Decision Makers
- Gartner Next Generation Network IPS Webcast
- Understand Your Data: The Future of Backup and Archiving
- Overcome Top 7 Admin Challenges of Active Directory
- Insiders Can Ruin Your Company. Take Action.
- Top Solutions and Tools to Prevent Devastating Malware
- X-Ray of the PCI Process-4 Proactive Steps
- Streamline Compliance and Increase ROI
- Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business
CSO Corporate Partners
- Patch Tuesday preview, February 2012
Microsoft published its Patch Tuesday Preview for February of 2012 a few minutes ago. IT admins can expect nine bulletins to address 21 security vulnerabilities.
It looks like four bulletins will be rated critical while the rest are designated as important.
Affected Microsoft products are:
- M86 report proves water is wet
- Actor, banker, soldier, spy: Suits and Spooks Anti-Conference aims to redefine security
More Salted Hash with Bill Brenner
