A Network World post discusses a demonstration of how a worm could be launched by opening a PDF document. Make sure that you are using a current version of your Adobe, FoxIt readers to help protect yourself against this exploit. While the fixes don’t prevent the exploit, they will at least warn you that the code is about to be run and you have the option to cancel it.
Users who want to turn off the Adobe Reader or Acrobat feature that allows the attack to work can click "Edit > Preferences > Categories > Trust Manager > PDF File Attachments" and then un-check the box that reads "Allow opening of non-PDF file attachments with external applications."
In a video demo of his attack, Conway shows how he was able to build a malicious PDF document with the executable code that also inserted his own text in Adobe's warning box. By adding text such as "click 'Open' to unencrypt this file," an attacker can increase his chances of getting a victim to open the file.
Wormy attack could spread via PDF
Adobe also published a workaround documented by CNET
Here are the instructions for mitigating a potential attack:
- Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting > Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”
This is what it looks like:
