Don't launch that file Adobe Reader!
Maybe you read my PDF + DOC malicious document diary entry, or maybe even you tested your system with my PDF + DOC test file, and maybe you wondered if you could change Adobe Reader's behavior.
Well, no more "maybes": you can. Years ago, when PDF malware was the most widespread malicious document type, disabling JavaScript in Adobe Reader was a recommendation.
But you can also prevent Adobe Reader from opening embedded files and launching the associated application. Here is the setting in the Trust Manager to do this:
And if PDF attachments are important in your organization, this setting will not prevent attachments from being saved (extracted). Only from being launched from within Adobe Reader.
I also have a video showing the effects of this setting (plus the JavaScript setting).
Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
My YouTube Channel
Comments