I’m finishing a busy month rolling out the software agent that monitors workstations and installs updates to Java, Flash, Adobe Acrobat & Reader, and more. On Friday, clients will get the first weekly reports on the health of their servers and workstations. I’m adding checks to ensure that Microsoft Security Essentials is up to date and sorting out the initial reports about updates that stubbornly refuse to install correctly. It’s been hectic but the result is that several hundred computers are happy and up to date, and that helps me sleep better.
If you’re not signed up for my monitoring service, or if some of your computers aren’t covered, call me! Here’s the background information about the service, and here are more details. It’s a lot of protection for a few dollars each month.
You have to stay up to date. Keeping up with the torrent of updates from Sun (Java), Adobe (Flash/Acrobat/Reader), Microsoft (Windows/Office), Mozilla, Google – it’s frustrating and intrusive and confusing, I know. Sorry, but it’s important. Most malware attacks are aimed at vulnerabilities that have already been patched. When you’re led to a poisoned web site (and you will be), it will be searching for an out-of-date program that can be broken in a way that allows a bit of malware to be installed. Each update closes another small vector of attack. The attacks work because most people don’t install updates in a timely way.
A recent report from Symantec’s MessageLabs reaches the startling conclusion that PDF files are now the preferred vector for malicious attacks, and that PDFs are as dangerous as .EXE program files:
For years, PDFs have been used to stage targeted and now non-targeted attacks, but many people still consider PDFs a relatively trusted file type. In fact, the PDF is one of the most commonly used file formats with which to exchange electronic documents. However, PDFs are potentially one of the most dangerous file formats available and should be treated with caution, much as EXE files should be. Because it is significantly easier to generate legitimate and concealed malicious content with PDFs, they are much more dangerous than EXEs.
The report appears to be focused on email attachments. Whether an attachment is a PDF, an EXE file, a movie or a picture, you understand the fundamental rule by this time, right? Never, never, never open email attachments unless you know with 100% certainty that the attachment is something you expected and want to receive.
Adobe deserves the lion’s share of the blame for the proliferation of PDF attacks, and its programs must be kept up to date. But it’s not a coincidence that the popular alternative Foxit Reader is frequently updated (currently at version 4.3.1.0218, with updates appearing roughly once a month). Poisoned PDFs can infect a computer regardless of what program opens them.
My monitoring software will keep Foxit up to date, along with Adobe and the rest. Are you signed up yet?