Today's Diary
If you have more information or corrections regarding our diary, please share.
Last Updated: 2010-09-02 00:50:00 UTC
by Daniel Wesemann (Version: 1)
"We're under a targeted malware attack!" a friend of mine yelled into the phone. "We are getting lots of oddly named PDFs, attached to personalized emails, sent only to certain employees in our firm!" From some past experience with chewing through our nasty malware repository here at SANS ISC, I had learned a thing or two about malicious PDFs, so I agreed to take a look.
One hour later, it was clear that the PDFs in this case were free of any exploit, completely harmless, and contained only the average "I AM A COUSIN OF THE LATE ZESKEKE NGAGWENE" type of Nigerian 419 (advance-fee) fraud spam.
But the whole episode gave me pause. It really looks like the past two years of never-ending new waves of PDF exploits have degraded PDF in the mind of every security analyst to a level somewhere on par with ANI and SCR files: No matter what it claims to be, it ain't nothing good.
I very much agree with Stephen Northcutt's comment in SANS Newsbites two months ago. He asked: "Is there an alternative to a .pdf? It was supposed to be a printable image of what you saw on the screen. At least that was the idea 15 years ago. It should not need 'launch' functions to do that. Do you remember five or six years ago, you weren't supposed to send an Excel spreadsheet or a Word document because they might contain malware, you were supposed to send a .pdf. Guess that has changed!"
Time for SDF - the Safe Document Format. You know, one that just supports pixels in various shades of gray, and does not need to include the ability to play a movie in 3D accompanied by surround sound. Just a nice plain document that can be opened, read and printed, without any of the nagging feeling of dread that nowadays accompanies clicking on a PDF.
Anyone?
Diary Archive
| Date | Author | Title |
|---|---|---|
| 2010-09-02 | Daniel Wesemann | SDF, please! |
| 2010-09-01 | John Bambenek | Month of Undisclosed 0-day Bugs |
| 2010-08-31 | Bojan Zdrnja | Interesting PHP injection |
| 2010-08-30 | Adrien de Beaupre | Apple QuickTime potential vulnerability/backdoor |
| 2010-08-29 | Swa Frantzen | DLL hijacking - what are you doing ? |
| 2010-08-29 | Swa Frantzen | Abandoned free email accounts |
| 2010-08-27 | Mark Hofman | FTP Brute Password guessing attacks |
| 2010-08-23 | Manuel Humberto Santander Pelaez | Firefox plugins to perform penetration testing activities |
| 2010-08-23 | Bojan Zdrnja | DLL hijacking vulnerabilities |
| 2010-08-22 | Rick Wanner | Failure of controls...Spanair crash caused by a Trojan |

