7 comments

[ 3.4 ms ] story [ 31.4 ms ] thread
Interesting article; I wonder if it's been hacked itself? The text of the article seems to finish at page 3, even though the page-count links at the bottom of each page show 4 pages. I clicked on the "Next" link at the bottom of page 3, and Avast! detected a threat. I didn't keep going.
The fourth page is a commented listing of the exploit. Supposedly, it can trigger some antivirus programs.
I don't run windows, but all there is on the next page is the commented listing of source code for the virus.
So why does adobe reader allow for the execution of javascript from pdf files?
http://www.adobe.com/devnet/acrobat/pdfs/js_developer_guide....

It looks like the major use case is adding functionality to interactive forms. For example, you could create a PDF that allows you to submit to a SOAP service upon clicking a submit button. You can also apparently interact with database services using ODBC on Windows.

Why you would opt for this vs. a web form, given that both approaches would require a coder, I really can't imagine.

Ah, I thought it might be for the forms. Still... it seems a little extreme to have fully executable code in a file which is only being read. :sigh: if only pdfs weren't so scary.
Looks like a pretty well conducted spear phishing attack. If the exploit code hadn't crashed Acrobat Reader, chances are the originating attacker would have a nice flow of 0-day exploits from this security researcher.