Topic: "Strange emails - Virus?" (page 1 of 1)

Author Post
moose
Hi,
as there are many intelligent people here who know a lot about computers, I'll use this forum for my security questions:
Is there any possibility of sending a virus in a PDF file? I got an email from someone I don't know with an attachment "Hot quotes-moose2.pdf"

I think if I don't have a printer it can't do anything. I've googled a bit and found "Peachy", which is an embedded VBS file made by hacker Zulu. Is there any way to be sure there isn't a virus if I don't have an antivirus program? (all the time before I thought it is useless - and I didn't ever have a virus (sometimes I install AntiVir on my computer, but it's a "gamer PC" and AntiVir isn't that good for performance))

Quote from wikipedia.en:

It is difficult, but not impossible, for viruses to tag along in source files, seeing that computer languages are built also for human eyes and experienced operators. With the notable exception of WMF, it is very probably impossible for viruses to tag along in data files like MP3s, MPGs, OGGs, JPGs, GIFs, PNGs, MNGs, PDFs, and DVI files (this is not an exhaustive list of generally trusted file types). Even if a virus were to 'infect' such a file, it would be inoperative, since there would be no way for the viral code to be executed. A caveat must be mentioned from PDFs, that like HTML, may link to malicious code. Further, an exploitable buffer overflow in a program which reads the data files could be used to trigger the execution of code hidden within the data file, but this attack is substantially mitigated in computer architectures with an execute disable bit.


ah, and please post these funny "sheik of arab" emails: "I'm the sheik from arab and I have to go abroad with my money. but I have to get 3.000 dollars more to do that. so please send me these 3.000 dollars and I'll give you 10.000 back as I'm in america"

3 years ago I got lots of these mails and they're always funny :D
there is even a page with a person who wrote something back like "I have to know if you're the right sheik, so please make a photo of yours holding a fish over your head and I'll send it"
and the other person really made it :D
But I forgot the URL of that page :(
does anybody know what I'm speaking of?
unknown user
I only read the first two lines. And I can say

YES treat .pdf as hostile.

The main reason is that .pdf can contain JavaScript which will be executed by the client application.

Other bugs are also possible in the PDF rendering but less likely imho.

There is a recent spamworm active which sends out .pdf

Wikipedia is slightly out of date.
http://partners.adobe.com/public/developer/pdf/topic_js.html

To safely open this you need a testing environment. I have a virtual machine of a few 100 MB that I just make a fresh copy of, every time I need to test something (and clearly I cut off or log the network, however necessary)
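Added example, not part of any post in this thread: a static triage in Python that counts the PDF name keys which make a document "active" (JavaScript, automatic actions, launch actions, embedded files) without opening it in a viewer. The key list, the function names and the constructed sample are assumptions of this example; a clean result says nothing about rendering bugs, and compressed object streams are reported as inconclusive.

```python
import re

# Name keys that make a PDF "active" (names as defined in the PDF specification).
ACTIVE_KEYS = ("JS", "JavaScript", "OpenAction", "AA", "Launch", "EmbeddedFile")
# Compressed object streams can hide the keys above from a raw byte scan.
OPAQUE_KEYS = ("ObjStm",)

NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample: harmless alert, with one name written using a #xx escape.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert(1);) >> endobj\n"
    b"%%EOF\n"
)

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript is read as JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count risky name keys without parsing or rendering the file."""
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF- header in the first 1024 bytes")
    counts = {key: 0 for key in ACTIVE_KEYS + OPAQUE_KEYS}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts

def verdict(counts: dict) -> str:
    """Turn the counts into a handling decision."""
    if any(counts[k] for k in ACTIVE_KEYS):
        return "active content: open only in an isolated VM"
    if any(counts[k] for k in OPAQUE_KEYS):
        return "inconclusive: object streams may hide active content"
    return "no active-content keys found (rendering bugs remain possible)"

if __name__ == "__main__":
    result = triage_pdf(SAMPLE)
    print(result, "->", verdict(result))
```

A raw byte scan can also hit these names by chance inside binary stream data, so treat a match as a reason to move the file to the test VM, not as proof of malice.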
moose
thank you very much rhican. I have a 400 GB external HDD with all my data. The data I need often is permanently on the PC, like games. The data I need sometimes, like ideas how to solve challenges or email addresses, is only temporarily on this computer. So if it were a virus I wouldn't have much trouble, but the XP telephone registration always takes a lot of time^^
unknown user
Quote from moose:
I wouldn't have much trouble


if the virus is a worm, steals sensitive private data, emails all your friends, corrupts other data, and somebody uses the data gathered by the worm to commit identity theft. Stealing yours or the identity of anybody who uses the PC... Or other data like software registration keys, and distributes those over the web. Might take you longer to recover.

Just don't run hostile code. Even if you are confident Norton/Symantec/Kaspersky/or whatever vaporware you use will fix it in no time.
Reinstalling WinXP from a CD is a hell of a lot less pain than it was to reinstall Windows 95 from 17 3.5 inch diskettes. Still doesn't mean you should be careless.

Don't open potentially hostile files unless in a controlled environment. Now admittedly I am too paranoid; but if it's up to me you should disconnect anything

Btw having test environments is fun, grabbing some malware, discovering it connects to some IRC channel, and going over there is way old school, and pretty fun. Chances are you will end up in .ro so better brush up on that Romanian.
unknown user
Anyway look here

http://blogs.zdnet.com/security/?p=530

.pdf really wasn't that secure *wink* *wink*
sniperkid
I know this is obvious for people like us but still, any messages on msn that ya get about viewing a picture http://www.blah.com/Pic394.com :stegano:.

unknown user
Just a heads up in case you guys don't track the security too much. Since yesterday there is a "0-day" PDF exploit PoC for Windows/IE7 in the WILD.

So ye be warned. Or ye go exploiting your school by sending "class schedules" when spoofing the secretary's email

(at own risk)

Security can get really real ..

because who wouldn't open a .pdf ... the game is on. some troubled times ahead probably