Wednesday, October 15, 2008

Be careful before opening PDF files

PDF Files and Flash Ads Can Contain Malicious Code

Flash and PDF files on the Internet can contain hidden malicious code that's so sophisticated that most antivirus software won't detect the attacks even after they infiltrate vulnerable computers, according to a report released by the company Finjan, a provider of Web gateway and content-inspection solutions.

On Sept. 23, 2008, Finjan released its Malicious Page of the Month report detailing how malevolent hackers use Web 2.0 technologies to infest operating systems with the latest malware. The report's data, compiled by the company's Malicious Code Research Center, tracks the evolution of "obfuscated code," or code that is encrypted so well by its authors that it's difficult to recognize. This code can be built into Flash and PDF files by people with bad intentions.

"This vulnerability will enable them to gain access to our local disk so they can install their Trojan horse or keylogger software," said Yuval Ben-Itzhak, Finjan's chief technology officer. This gives them the opportunity to slip in undetected and wreak havoc.

The report divulges the following details of this trend:

In 2008, obfuscated code was embedded in rich-content files, such as Flash-constructed ads on Web pages or the ever-popular PDFs that millions of Internet users download regularly. Some hapless Web surfers are unwittingly compromising their computers merely by visiting sites with code-infested Flash ads on them or by downloading seemingly harmless PDFs containing the same type of code.

In 2007, obfuscation techniques mimicked legitimate encryption-decryption processes. In this method, a malicious hacker sends a "key" to users that seems legitimate. After a user obtains and activates the key, it unlocks malicious code that goes to work on the user's machine.

In 2006, malicious hackers wrote harmful code into programs that are activated once users input passwords or other forms of typed input.

In 2005, obfuscated code attacks consisted of two formats: scrambling code to make it more complicated, and character-based encoding to use it in any format a browser can interpret.

Again, my advice is the same. Don't open files or attachments from a source you don't know or trust.
