New phishing attack disguised as a PDF reader update

12 July 2010

Malicious e-mail attacks that look like PDF reader updates have been increasing in volume since the middle of June, says Symantec Hosted Services.

The phishing emails do not attempt to exploit vulnerabilities in the PDF format or link to malware disguised as a fake new PDF reader, but target credit card information instead.

The phishing email links to a professional-looking page made to advertise fictitious new PDF reader software, which in turn links to another site that uses social engineering techniques, such as offers of free software and other gifts, to encourage victims to pay for membership.

Victims are asked to enter their credit card details on a payment page that includes the logos of the top credit card providers and the logos of their secure payment systems.

The phishing scam is designed to capture these credit card details and is extremely dangerous because the site looks legitimate, said Jo Hurcombe, AV operations engineer at Symantec.

Any unsolicited email received from an unknown source should be treated as highly suspicious, especially one that requires visiting an external page by clicking a link, said Hurcombe.

Any site that asks for money is not secure if it is not using SSL encryption with a URL that starts with "https", no matter what it claims.

"Even if the site does use SSL, that does not guarantee security as the site itself could be designed specifically to harvest personal information", said Hurcombe.

 

This story was first published by Computer Weekly
