Could that PDF link really be a virus?

January 29, 2004


eWeek and various other tech news sites are reporting that "security researchers are warning of another spoofing vulnerability" for users of Microsoft Internet Explorer, one that "allows an attacker to mask the true file extension of malicious downloads." In other words, that link to a PDF (or another common file format) may in fact be designed to "lull a user into opening a malicious file."

So unless you enjoy trolling dangerously with IE, it may be prudent to check out a report titled "Internet Explorer File Download Extension Spoofing" at Secunia, Ltd., a Denmark-based security vendor. It explains how MSIE "can be tricked into opening a file, with a different application than indicated by the file extension."

The report also includes an MSIE File Download Extension Spoofing Test, which provides a link to help determine whether you are vulnerable. If you are:

"After you have clicked the link:
If your Internet Explorer is vulnerable to this issue, a 'File Download' dialog box will be displayed with the field 'File name' being spoofed to be a .pdf file.

If you choose 'Open' in the 'File Download' dialog box, the file will be executed as an HTML executable instead of being displayed with your favorite PDF viewer. This happens even though the filename seems to be 'Secunia_Internet_Explorer.pdf.'"

Microsoft has posted "Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks," including:

"Do not click any hyperlinks that you do not trust. Type them in the Address bar yourself."

PDF In-Depth Free Product Trials Ubiquitous PDF

Debenu Quick PDF Library

Get products to market faster with this amazing PDF developer SDK. Over 900 functions and an equally...

Download free demo

Five visions of a PDF Day

In the world of PDFs or as we like to say Planet (of) PDF, a year isn't a real PDF year without an intense few days of industry knowledge sharing.

May 15, 2018
Platinum Sponsor

Search Planet PDF
more searching options...
Planet PDF Newsletter
Most Popular Articles
Featured Product

Debenu PDF Aerialist

The ultimate plug-in for Adobe Acrobat. Advanced splitting, merging, stamping, bookmarking, and link control. Take Acrobat to the next level.


Adding a PDF Stamp Comment

OK, so you want to stamp your document. Maybe you need to give reviewers some advice about the document's status or sensitivity. This tip from author Ted Padova demonstrates how to add stamps with the Stamp Tool along with related comments.