
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2015-09-19



Don't launch that file Adobe Reader!

Published: 2015-09-19
Last Updated: 2015-09-19 09:52:44 UTC
by Didier Stevens (Version: 1)

Maybe you read my PDF + DOC malicious document diary entry, or maybe you even tested your system with my PDF + DOC test file, and maybe you wondered if you could change Adobe Reader's behavior.

Well, no more "maybes": you can. Years ago, when PDF malware was the most widespread malicious document type, disabling JavaScript in Adobe Reader was a recommendation.

But you can also prevent Adobe Reader from opening embedded files and launching the associated application. Here is the setting in the Trust Manager to do this:

And if PDF attachments are important in your organization, this setting will not prevent attachments from being saved (extracted), only from being launched from within Adobe Reader.
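
To gauge how many PDFs in a mail store or file share these two settings would affect before you change them, the following added example (not from this diary or its author) counts the /EmbeddedFile, /JavaScript and /JS names in raw PDF bytes, undoing #xx hex escapes in names first. The function names and the sample document are constructed for illustration, and names hidden inside compressed object streams are not seen.

```python
import re
import sys

# PDF name objects that matter for the two Reader settings in this diary.
KEYWORDS = (b"/EmbeddedFile", b"/JavaScript", b"/JS")

HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name is "/" followed by characters up to whitespace or a PDF delimiter.
NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")

def decode_name(raw):
    """Undo #xx escapes so /Embedded#46ile compares equal to /EmbeddedFile."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def count_keywords(pdf_bytes):
    """Count keyword names in the raw bytes (object streams are not inflated)."""
    counts = {k.decode(): 0 for k in KEYWORDS}
    for match in NAME.finditer(pdf_bytes):
        name = decode_name(match.group(0))
        if name in KEYWORDS:
            counts[name.decode()] += 1
    return counts

def settings_to_review(counts):
    """Map what was found to the Reader settings the diary mentions."""
    hits = []
    if counts["/EmbeddedFile"]:
        hits.append("attachments")
    if counts["/JavaScript"] or counts["/JS"]:
        hits.append("javascript")
    return hits

# Constructed sample, not a real document: one attachment whose name is
# hex-escaped, plus one JavaScript action.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> >>\nendobj\n"
    b"3 0 obj\n<< /Type /Filespec /F (report.doc) /EF << /F 4 0 R >> >>\nendobj\n"
    b"4 0 obj\n<< /Type /Embedded#46ile /Length 0 >>\nstream\n\nendstream\nendobj\n"
    b"5 0 obj\n<< /S /JavaScript /JS (constructed) >>\nendobj\n"
)

if __name__ == "__main__":
    # With file arguments, report on each file; otherwise use the sample.
    blobs = {p: open(p, "rb").read() for p in sys.argv[1:]} or {"SAMPLE": SAMPLE}
    for label, data in blobs.items():
        found = count_keywords(data)
        print(label, found, settings_to_review(found))
```

Because the scan works on raw bytes, a keyword that happens to appear inside a stream or string is counted as well, so treat the result as a triage count rather than a parse of the document.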

I also have a video showing the effects of this setting (plus the JavaScript setting).

 

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
My YouTube Channel
