Comments

infected malformed PDF attachments to emails — 12 Comments

  1. I opened an infected PDF by mistake. I saved the PDF file from my email to my desktop, and scanned the file … Sophos identified a trojan.

    Is it sufficient to run a Sophos Endpoint Security full system scan to determine if my machine is virus free? I ran a full system scan and the result showed an all clear. My virus definitions are up to date.

    I am not sure if I need to be concerned and if I can use my machine to handle my confidential details.

  2. If you actually tried to run (open) the PDF, then there is a possibility that you might have been infected. However, if Sophos knows the trojan and detected it on a scan, then it is very probable that it would have detected it on access and blocked it.
    Whether you have been infected will depend entirely on what version of Adobe Reader you have on your computer.
    Anything newer than 11.0.03 should be safe from the exploits that this particular version was using, but new exploits come out daily and until I see a copy of the malformed PDF, I cannot tell.

    • You don’t know if you are infected.
      Some of these malicious PDF files put up a fake message saying that Adobe couldn’t open it, when in fact the script virus ran and downloaded the Gameover Zeus malware.
      You do need to update Adobe Reader to the latest version to guarantee safety, but from what I can see of the file it uses an exploit from 2013 that was plugged in Adobe Reader XI (11.0.03).
      I can’t determine if they are using a new exploit, but at this time, I don’t think so.

  3. As a Mac user, I use either Preview or Skim to read the tons of PDFs I usually handle. I don’t much like the basic Adobe Reader because I cannot delete the pages.
    I use ClamXav (I cannot install Sophos on my old Mac) to scan the PDF but it has never detected anything strange.
    What can I do to be on the safe side? As far as I know there is nothing in the settings that I can uncheck in order to block any script/macro hidden inside a modified PDF.

    thanks

  4. Pingback: Infected W/ Unknown Malware – From PDF Creator Download – iboardeasy.com

  5. Pingback: How Can I Know If I Have A Virus After I Pressed On A Zip Someone Sent Me? – iboardeasy.com

  6. Pingback: How Do I Block/trash Emails Sending Me Scam .pdf Attachments? – iboardeasy.com

  7. I have received one, purporting to be an Apple subscription receipt. No Apple account, so…
    All the above posts just recommend deletion and scanning.
    One of your earlier posts remarks:
    “Anything newer than 11.0.03 should be safe from the exploits that this particular version was using, but new exploits come out daily and until I see a copy of the malformed pdf, I cannot tell”

    In which case, do you need a forwarded copy of the mail?

    Simply deleting it does not give me any confidence that anyone is doing anything about it being sent in the first place?

    If you want it contact me at the email address below.

    B
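
On the questions in this thread about whether a PDF attachment carries a hidden script: the static check below is an added example, not part of any comment above and not Sophos or Adobe tooling. It reads the file as bytes without opening it in a reader and reports the PDF dictionary keys that mark active content; the sample byte strings and the names `triage` and `decode_name` are constructed for illustration.

```python
import re

# Dictionary keys that mark active content in a PDF (scripts, auto-run actions,
# program launch, embedded files).
ACTIVE_KEYS = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")

# A PDF name runs from "/" up to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so an obfuscated /J#61vaScript reads as /JavaScript."""
    plain = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage(data: bytes) -> tuple:
    """Return (verdict, {key: count}) without rendering or executing anything."""
    if b"%PDF-" not in data[:1024]:
        return ("not-pdf", {})
    names = [decode_name(m.group()) for m in _NAME.finditer(data)]
    hits = {key: names.count(key) for key in ACTIVE_KEYS if key in names}
    if hits:
        return ("active-content", hits)
    if "/ObjStm" in names:
        # Objects packed in compressed object streams are invisible to a byte scan.
        return ("inconclusive", {})
    return ("no-active-keys", {})


# Constructed samples (not taken from any real attachment).
SAMPLE_ACTIVE = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SAMPLE_OBJSTM = b"%PDF-1.5\n1 0 obj\n<< /Type /ObjStm /N 1 /First 4 >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for label, blob in (("active", SAMPLE_ACTIVE), ("plain", SAMPLE_PLAIN),
                        ("objstm", SAMPLE_OBJSTM), ("not a pdf", b"MZ\x90\x00")):
        print(label, triage(blob))
```

A `no-active-keys` result only means no such key is stored in plain view; it does not show the file is safe, and keeping the reader updated, as the reply above advises, still applies.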
