I suppose I don't need to say that there are a lot of security risks lurking around our computers. But as Fortinet's May Threat Landscape report shows, you can never let your guard down when it comes to data security.
PDF used to be a trusted application, but I suppose "trusted application" is a term that doesn't mean much these days. In April, Adobe Acrobat issued a security risk alert that stated:
The attack leverages Adobe Acrobat and Reader's ability to launch other content and applications. Strictly speaking, the new attack vector isn't a flaw in Adobe's software but rather relies on social engineering to trick users into clicking on something they shouldn't, which could lead to arbitrary code execution.
Didier Stevens, who first reported the problem , said:
(Note that Adobe has provided strategies to mitigate the problem while working on a fix.)
Because so many rely on PDF files for business use, perhaps it is no coincidence that Fortinet showed a new PDF exploit, PDF/Pidief.BV!exploit, being circulated in high volume through an ongoing spam campaign. (And Adobe released another security alert about PDF Reader today.)
Said Derek Manky, project manager, cyber security and threat research:
What sets PDF/Pidief.BV apart from other PDF threats we are seeing, is that it requires user interaction. More specifically, a user needs to click on the open' button when prompted by a dialog box to initiate the infection. This threat is another reason why it's imperative for users to carefully read these types of messages when they appear.