Zeus botnet jumps on PDF design flaw

[lotuseclat79]

Zeus botnet jumps on PDF design flaw.

Attackers have begun exploiting a design flaw in Adobe Systems' PDF format to spread the Zeus botnet, only days after the publication of a proof-of-concept exploit for the flaw, according to security researchers.
...
Zeus attempts to steal banking information by logging a user's keystrokes. It also attempts to make a user's system part of the Zeus botnet.

-- Tom

 

[jiml8]

Y'know what?

Maybe I'm dumb. Maybe I'm old fashioned.

But I don't want my PDF reader to be able to run javascript. Or launch executables. Or do any other damn thing BESIDES display PDF files.

I have had to not only turn off a bunch or stuff in Acrobat 9 since I installed it in my new Windows 7 virtual machine, but I've also had to tell the Online Armor firewall to BLOCK all kinds of stuff that it wants to run and use to connect to the internet.

Is that so much to ask?

 

[SIR****TMG]

It never stops

 

[tomdkat]

But I don't want my PDF reader to be able to run javascript. Or launch executables. Or do any other damn thing BESIDES display PDF files.

I agree with you on this, HOWEVER I recently used a PDF feature of editing a form in a PDF document which I then printed. Having the ability to complete PDF forms is pretty neat AND I used a non-Adobe PDF application to do it.

That aside, I agree I prefer PDF files to be static, dormant, read-only files, period.

If the exploit is in the actual format, I would imagine a number of PDF supporting apps would or could be impacted by any exploits.

Peace...