Share This with your friends and contacts. Help THEM to stay safe:

We have recently been seeing a newer  method of infecting you by embedding macro enabled word  docs  and other macro enabled office files particularly Excel XLS into pdf files. To all intents and purposes these PDF files look quite innocent and will normally be an almost blank page with 1 line of text. These started off delivering Locky Ransomware  then switched to  Jaff ransomware and Dridex banking Trojan. Over the last week or so, since 6th or 7th  June 2017 they have now added delivering Trickbot banking Trojan via this method as well.

These recent posts illustrate this attack method:


If you have Adobe reader or any other PDF reader set to default settings, then there is a high probability of you becoming infected via this method. Luckily it is relatively easy to protect yourself.

First of all go to and follow the instructions to set PDF files to open in the Adobe Reader ( or whichever PDF reader you use) NOT to open in the browser which introduces many possible vulnerabilities.

The settings vary for this vary according to your browser:

Internet Explorer

Step1. go to tools/manage addons

Step2.  Select all addons in the drop down, look for Adobe PDF reader and then press the disable button.

That way any PDF you receive will only open in Adobe reader itself and not in your browser, so cutting down the risk of any exploit infecting you.

Google Chrome

Please read HERE  and enable the Download PDF files instead of opening them in Chrome option

Firefox  see HERE and select use Adobe Reader ( default)  or the alternative PDF reader you have installed.

Previewing PDFs in a browser is just too dangerous to take a risk with the current exploits and it is much safer to view them in the application itself which should be sand-boxed to prevent exploits slipping out.

Once you have safer settings set in Adobe reader, you are extremely unlikely to infect yourself with this sort of malware.

Trying to open a PDF with embedded content will give you this

and you can see that you cannot open or save the embedded word document so stopping you from being infected, even though you can see the word doc listed in left hand side bar

First Open Adobe reader, on the top menu bar  select  Edit then Preferences. This contains all the settings you need to change to make sure that this and other similar types of malware cannot infect you.

First turn off Adobe JavaScript.

The majority of time, you don’t need JavaScript enabled. On the odd occasion that you need it to fill in forms from Governments, employers, Tax etc. you can re-enable it for that single use.

Tirn off Adobe Reader Javascript

Next enable Adobe Protected Mode and Enhanced Security. This blocks most features in Adobe reader to stop anything auto opening or running. It prevents you saving or opening attachments or embedded objects like video or sound ( why anyone would want music or video in a PDF is beyond me though.) Enable Adobe Protected ModeNext and the most important in preventing embedded objects from being used maliciously

Turn off opening of PDF attachments in external programs

You can read to learn how to set word to protect you.

Share This with your friends and contacts. Help THEM to stay safe: