As i told you few days ago about the flaw discovered in the adobe reader version 7 by which it can be used for phishing scams or for getting personal or accounting information of the users. The problem lies with the Javascript.
The Adobe flaw is with a Javascript "feature" in Reader and the Adobe plug-ins that render PDFs in Microsoft's Internet Explorer and Mozilla's Firefox Web browsers. It turns out that this feature introduces the possibility of so-called "cross-site-scripting" attacks, which involve tricking a Web site (or a user's Web browser) into displaying content from a site other than the one which is typed in the browser's address bar. Actually sometimes readers are referred to a PDF document for further information on that point or subject.
Now have a look how it happens. let us suppose you are reading any blog which contains a link to an PDF document hosted on any accounting site or any bank site. Now you are referred to that document but you are not sure what it contains but you have clicked on the link of the PDF document for further reading on that topic. Now as you click you are on the site of that bank or accounting site (for the ease let us consider a bank here as an accounting site or a site which contains record of your account) and a pdf document is opened in front of you .
Now up to here there was no danger but here the Javascript related problem starts because Adobe reader will silently realy pretty much any Javascript command.If the link present in the blog include Javascript command that tells your web browser (IE 6 and Mozillafirefox ) to launch a pop up prompt or a new web page setup by hacker(phishing) . Here the hacker designed such a page that exactly look like your bank site which now may demand to update your account information .
Expert say that link present in that blog may contain a javascript command which is just setup to transfer the money to another account(obiviously hackers accout) which can work even if you are not clicking on that thing (money transfer) like you may be asked to click on yes or no but this click for anything else is going to transfer your money even without your knowledge. looks scary....
But as i told you adobe had removed that bug from the newer version of adobe reader version 8.
0 comments:
Post a Comment