SecurityXploded Blog

Hackers Exploit Launch Feature of PDF to Spread the Botnets

Next time you open that PDF email attachment or PDF document from your friend, it may be the last time you own your system. From that moment on it will no longer be yours, because it will have become part of a botnet controlled by attackers out there.

Attackers are busy exploiting the new launch action feature of PDF to silently execute a malicious program on the victim's system. A few days ago, researchers at M86 Security discovered emails containing PDF attachments that exploit this flaw. When the PDF is opened, it automatically executes the embedded malicious program, which installs a keylogger to steal the user's credentials and makes the system part of the Zeus botnet.

This comes thanks to a demonstration by security researcher Didier Stevens of how to exploit PDF's launch action feature to execute any program. It was followed by a proof of concept from Jeremy Conway, product manager at NitroSecurity, showing how such an attack is performed in action. Here is the video demonstration of the same created by Conway.

Adobe has confirmed the flaw and provided a workaround that lets administrators prevent such an attack by disabling the launch feature. However, this is more or less useless, as very few people know enough about these attacks to take these precautionary steps.

With absolutely no protection out there and attacks rising like dark sea waves, victims are at the mercy of attackers.
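The launch action discussed above is visible in a PDF's structure as an action dictionary of type `/Launch`, so administrators can screen attachments for it before they reach users. The following Python check is an added example, not code from this post, from Adobe, or from the researchers named above; the function names, verdict labels and sample fragments are assumptions constructed for illustration.

```python
import re
import zlib

# PDF names can hide characters behind #xx hex escapes (/L#61unch == /Launch).
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
_LAUNCH = re.compile(rb"/S\s*/Launch\b")        # action dictionary of type Launch
_AUTO = re.compile(rb"/(?:OpenAction|AA)\b")    # actions that fire without a click

def _normalize(chunk):
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), chunk)

def _inflated_streams(data):
    """Yield Flate-decoded stream bodies, where compressed objects may sit."""
    for m in _STREAM.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # another filter or not compressed; raw bytes are scanned anyway

def scan_pdf(data):
    """Triage raw PDF bytes: count Launch actions and flag automatic triggers."""
    text = b"\n".join(_normalize(c) for c in [data, *_inflated_streams(data)])
    launch = len(_LAUNCH.findall(text))
    auto = bool(_AUTO.search(text))
    verdict = "block" if launch and auto else "review" if launch else "pass"
    return {"launch_actions": launch, "auto_trigger": auto, "verdict": verdict}

# Constructed samples: object fragments, not working PDFs; targets are placeholders.
SAMPLE_AUTO = (b"1 0 obj << /Type /Catalog /OpenAction "
               b"<< /S /L#61unch /F (PLACEHOLDER) >> >> endobj")
SAMPLE_PACKED = (b"5 0 obj << /Filter /FlateDecode >> stream\n"
                 + zlib.compress(b"<< /S /Launch /F (PLACEHOLDER) >>")
                 + b"\nendstream endobj")
SAMPLE_CLEAN = b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj"

if __name__ == "__main__":
    for name, blob in [("auto", SAMPLE_AUTO), ("packed", SAMPLE_PACKED),
                       ("clean", SAMPLE_CLEAN)]:
        print(name, scan_pdf(blob))
```

Streams that use other filters and encrypted documents are not decoded here, so a "pass" verdict means only that no launch action was found in the bytes that could be read.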
