Share This post with your friends and contacts. Help THEM to stay safe:

We have recently been seeing a newer  method of infecting you by embedding macro enabled word  docs into pdf files. To all intents and purposes these PDF files look quite innocent and will normally be an almost blank page with 1 line of text

These recent posts illustrate the attack method:

 

If you have Adobe reader or any other PDF reader set to default settings, then there is a high probability of you becoming infected via this method. Luckily it is relatively easy to protect yourself.

First of all go to https://myonlinesecurity.co.uk/infected-malformed-pdf-attachments-emails/ and follow the instructions to set PDF files to open in the Adobe Reader ( or whichever PDF reader you use) NOT to open in the browser which introduces many possible vulnerabilities.

The settings vary for this vary according to your browser:

Internet Explorer

Step1. go to tools/manage addons

Step2.  Select all addons in the drop down, look for Adobe PDF reader and then press the disable button.

That way any PDF you receive will only open in Adobe reader itself and not in your browser, so cutting down the risk of any exploit infecting you.

Google Chrome

Step 1: Open Chrome and type “about:plugins” into the omnibox at the top.

Step 2: Scroll down and find Chrome PDF Viewer.

Step 3: Click the “Disable” link to prevent PDFs from loading within Chrome

Firefox  see HERE and select use Adobe Reader ( default)  or the alternative PDF reader you have installed.

Previewing PDFs in a browser is just too dangerous to take a risk with the current exploits and it is much safer to view them in the application itself which should be sand-boxed to prevent exploits slipping out.

Once you have safer settings set in Adobe reader, you are extremely unlikely to infect yourself with this sort of malware.

Trying to open a PDF with embedded content will give you this

and you can see that you cannot open or save the embedded word document so stopping you from being infected, even though you can see the word doc listed in left hand side bar

First Open Adobe reader, on the top menu bar  select  Edit then Preferences. This contains all the settings you need to change to make sure that this and other similar types of malware cannot infect you.

First turn off Adobe JavaScript.

The majority of time, you don’t need JavaScript enabled. On the odd occasion that you need it to fill in forms from Governments, employers, Tax etc. you can re-enable it for that single use.

Tirn off Adobe Reader Javascript

Next enable Adobe Protected Mode and Enhanced Security. This blocks most features in Adobe reader to stop anything auto opening or running. It prevents you saving or opening attachments or embedded objects like video or sound ( why anyone would want music or video in a PDF is beyond me though.) Enable Adobe Protected ModeNext and the most important in preventing embedded objects from being used maliciously

Turn off opening of PDF attachments in external programs

You can read https://myonlinesecurity.co.uk/malformed-infected-word-docs-embedded-macro-viruses/ to learn how to set word to protect you.

Share This post with your friends and contacts. Help THEM to stay safe:

Leave a Reply

3 Comments on "Embedded documents in PDF files that can easily infect you"

Notify of
avatar
10000
Sort by:   newest | oldest | most voted
trackback

[…] you set your PDF reader to safe settings as shown in THIS post, then these cannot harm you or deliver the initial macro enabled word doc that downloads the […]

trackback

[…] you set your PDF reader to safe settings as shown in THIS post, then these cannot harm you or deliver the initial macro enabled word doc that downloads the […]

trackback

[…] you set your PDF reader to safe settings as shown in THIS post, then these cannot harm you or deliver the initial macro enabled word doc that downloads the […]

wpDiscuz