A researcher (from Belgium! ) has found a way to exploit pdf files, without using a vulnerability. He created a pdf file with an embedded executable, which will start when the pdf file is opened.

http://blogs.zdnet.com/security/?p=5929

Pretty cool it seems, as far as my knowledge about the subject goes

Nice find! i like the part that Foxit Reader doesnt even give a warning! (it just executes the script without ant notification) A lot of people are switching to Foxit, so this proves that alternatives arent always better!

just read that foxit will fix the problem first thing next week:

http://forums.foxitsoftware.com/showthread.php?p=41323

lets see how Adobe will do...

So, metaphish uses this functionality only with javascript. I believe Dave Kennedy will be implementing into SET (the Social Engineering Toolkit) soon =)

So many ways to trick the user =(

Guys, since I had some spare time , just a small write-up on this to demonstrate how it occurs in the PDF. Thought you all might be interested.

http://www.isolatedthreat.com/?p=214

As usual comments welcome.

n1p

Yes, it is using the PDF language spec, but not in the way they intended

Malware uses a variety of techniques to embed in a PDF, so I will be interested to see how he has done it... And how vendors respond