Daily Archives: January 3, 2013

Why you shouldn’t open those email attachments you get from people you don’t know

If you are like me, you are getting more and more spam with little in it but a request to open a file. There are two reasons for this. First, the less text there is, the more likely the spam is to get past spam filters. Second, opening that file could infect your computer with any number of problems. For example, if you open a PDF file, this page, PDF Security Issues, describes some of the problems that could occur. Here’s a snippet from that page:

  • Javascript: Adobe Reader (and possibly other readers) contains a Javascript engine similar to the ones used by web browsers, but with a slightly different API to manipulate PDF content dynamically or to control some viewer features. Potentially dangerous features are restricted for obvious security reasons. However, this means that PDF documents are not purely static, and for example some actions may be used to fool a user (popups) or to send e-mails and HTTP requests automatically. Furthermore, experience shows that many recent vulnerabilities have been exploited using Javascript in PDF.
  • Launch actions: a PDF file may launch any command on the operating system, after user confirmation (popup message). Different command lines may be specified for Windows, Unix and Mac. On Windows only, parameters can be provided for the command. Until Adobe Reader 9.3.2, the CVE-2010-1240 vulnerability made it possible to fool users by modifying the text of the popup message. Since Adobe Reader 9.3.3, a blacklist restricts file formats that can be opened, blocking executable files by default (but a way to bypass it has been found, and finally fixed in v9.3.4).
  • Embedded files: a PDF file may contain attached files, which can be extracted and opened from the reader. This trick may be used to hide malicious executables in order to bypass some antivirus and content analysis engines. Fortunately, Adobe Reader refuses to open embedded files if their extension is part of a blacklist, such as EXE, BAT, CMD, etc. However, this blacklist is not perfect and formats such as HTML or Python scripts may be embedded in PDF and launched from Adobe Reader.
This is for PDF files. Similar things can happen with other files that can launch actions or embed files.

If you don’t know the person sending you the email, don’t open the file, even if you are curious. Just delete it.
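For anyone who has to triage such attachments (a mail admin, say) rather than delete them, the three features in the snippet each leave a name token in the file that can be counted without opening it in a reader. The following Python sketch is an added example, not code from this post or from the quoted page; the function names and the sample bytes are made up for illustration.

```python
import re

# PDF name tokens tied to the features in the snippet (JavaScript, Launch
# actions, embedded files) plus the triggers that run an action automatically.
RISKY_NAMES = {
    "JS": "JavaScript", "JavaScript": "JavaScript",
    "Launch": "Launch action",
    "EmbeddedFile": "Embedded file", "EmbeddedFiles": "Embedded file",
    "OpenAction": "Automatic action", "AA": "Automatic action",
}
# A PDF name is "/" followed by anything except whitespace and delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is read as JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky name tokens per feature in raw PDF bytes (never renders it)."""
    if b"%PDF-" not in data[:1024]:
        raise ValueError("not a PDF (no %PDF- header in the first 1024 bytes)")
    findings = {}
    for match in NAME_RE.finditer(data):
        feature = RISKY_NAMES.get(decode_name(match.group(1)))
        if feature:
            findings[feature] = findings.get(feature, 0) + 1
    return findings


# Constructed sample, not a real attachment: a catalog with an automatic
# action, a JavaScript action with one hex-escaped name, and a Launch action.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n"
    b"3 0 obj << /S /Launch /F (placeholder) >> endobj\n"
)

if __name__ == "__main__":
    for feature, count in sorted(triage_pdf(SAMPLE).items()):
        print(f"{feature}: {count}")
```

A hit means the file uses one of these features and deserves a closer look; an empty result does not prove the file is safe, because names stored inside compressed object streams are invisible to a raw byte scan.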


My blog on wordpress: 2012 in review

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog. (Thanks, Helper Monkeys! :))

Here’s an excerpt:

19,000 people fit into the new Barclays Center to see Jay-Z perform. This blog was viewed about 160,000 times in 2012. If it were a concert at the Barclays Center, it would take about 8 sold-out performances for that many people to see it.

Click here to see the complete report.