New PDF Embedded Virus Circulating

Virus Circulating as a PDF Embedded Executable

Adobe’s “Launch” feature has been exploited to allow a virus to be inserted in to a PDF and downloaded to your computer. A new virus, which does just that, is currently circulating.

This version of the virus is being circulated as an attachment in PDF’s titled Royal_Mail_Delivery_Notice.pdf.

If you open a PDF, and are greeted with a dialogue box prompting you do download Royal_Mail_Delivery_Notice.pdf , or to “choose an extraction location”, be sure to cancel the action, close the dialogue box and delete the infected PDF.

FoxIt Readers need to take extra care, as FoxIt Reader does not currently give the user the dialogue box as outlined above, but rather begins automatically downloading the virus to your My Documents Folder.

Until a patch is released, Adobe suggests the following work around to help prevent infection:

In Adobe Reader and Acrobat, edit your preferences

  1. Edit
  2. Preferences
  3. Categories
  4. Trust Manager
  5. PDF File Attachments – clear or deselect the check box for “ Allow opening of non PDF file attachments with external applications.

If you suspect you have been infected, call us to book a remote or on site support session. TUCU will scan and quarantine any viruses on your system, and update your anti-virus and Adobe settings.  From Toronto, dial 416.292.3300.  From Durham, call 905.233.4858.

Update – Monday May 10, 2010 – Foxit Reader has added a safe mode to help stop embedded viruses from automatically downloading.  Foxit PDF Reader Version 3.3,has a Safe Mode that blocks external commands (embedded viruses) from being executed by the software.  So good news for Foxit fans!

TUCU is an IT support company serving Toronto & Durham Region. For a free quote or immediate help, contact us today.