Bloatware Exploit.
Anyone know if us Foxit users are at risk?
Recent attacks that exploit an unpatched vulnerability in Adobe's near-ubiquitous Reader application bear the hallmarks of the people who breached Google and dozens of other large companies earlier this year, researchers from Symantec said. The booby-trapped PDF files are attached to emails that request interviews and offer …
This post has been deleted by its author
1 does this affect non-Adobe apps, such as FoxIt or Apple's Preview, which can read PDFs?
2 the current attack appears to be aimed at Windows (as usual). Is there any evidence of anyone doing anything similar to attack other platforms, or can those who don't use Windows simply ignore this whole matter?
As far as I understand it, the issue is tightly coupled to a specific Adobe DLL, which they "forgot" to secure with Adress Space Randomization (one of those MS bandaids).
So the problem is somewhere in that DLL and it can be easily exploited because they did not enable randomization.
Do not use Adobe software. That's the best advice I can give you.
Here is a list of Alternatives:
http://en.wikipedia.org/wiki/List_of_PDF_software
As someone above pointed out, EDUCATION is key to security. Wikipedia will provide you at least starting points for your Internet Driving License.
People have to learn quite a few things before they fiddle with Computers. Things like:
1.) Admin / root accounts are only used for maintenance and installation purposes
2.) Install Software from Known Good Sources. (E.g. Skype from skype.com, firefox from Mozilla.org etc)
3.) Don't install software which is not listed on trustworthy sources (like Wikipedia, heise.de, theregister, zdnet.com etc) as proper software.
4.) Keep all internet-exposed software patched to latest patch level.
5.) Understand what Virus Scanners do and what Privilege Restriction does. Appreciate that the first approach is totally retarded and won't defend you against targeted Zero-day exploits.
6.) Understand Sandboxes and that they provide REAL security.
Now that is just a short list, but I guess 90% of Computer users don't know of that neither do they have a motivation to know.
Wikipedia is not presenting all conclusions on a silver plate, but if you have some intelligence and spend some time and money (as much as learning to drive a car, maybe ?) you are going to understand quite a few things from that. You could also take the time and meet people in a local computer club and ask them questions on the subject of PC security.
http://en.wikipedia.org/wiki/Pc_security
http://en.wikipedia.org/wiki/Sandbox_(computer_security)
http://en.wikipedia.org/wiki/Root_user
http://en.wikipedia.org/wiki/Virus_scanner
http://en.wikipedia.org/wiki/Linux_Security_Modules
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
http://en.wikipedia.org/wiki/AppArmor
http://en.wikipedia.org/wiki/Google_chrome#Security
http://en.wikipedia.org/wiki/Internet_explorer#Security
http://en.wikipedia.org/wiki/Comparison_of_web_browsers#Vulnerabilities
==========================================
For Computer Scientists and IT people:
http://en.wikipedia.org/wiki/Buffer_overflow
http://en.wikipedia.org/wiki/Cyclone_%28programming_language%29
http://en.wikipedia.org/wiki/AuroraUX
http://en.wikipedia.org/wiki/SPARK
...and then thinking rationally I do think the Chinese are behind this kind of HACKINT (intelligence through hacking) attempts. Too many diverse people from Booz Allen Hamilton, Google to the odd virus scanner maker have stated this. BAH and Google could be CIA shills, but a coordinated smear campaign involving so many companies and countries all done by the retards from Virgina ? Don't think so.
Virus-loaded PDFs are the typical "Chinese Approach".