‘With the release of Adobe 6.0 Reader, a series of security vulnerabilities allows malicious code to be easily embedded in the .PDF file format,’ said Alex Shepson, CTO of InDefense, Inc., explaining the results of testing his company performed — and a solution they’ve developed. The initial tests apparently revealed that ‘many antivirus scanners are not able to detect the MyDoom virus embedded in .PDF files read by the version 6.0 Reader, creating an easy entrance for malicious threats.’
Mary Landesman, security consultant and guide for Antivirus.About.com, adds a similar assessment:
‘Adobe describes PDF files as ‘the de facto standard for the secure and reliable distribution’ of documents and forms. Even the NIST declares .PDF’s the ‘safest alternative’. With the release of Adobe Acrobat Reader 6.0 this is no longer necessarily the case. The decision to allow active content and embedded executables makes .PDF files every bit as risky as any other executable type file. Perhaps even more so, as it appears at least some antivirus scanners are unable to penetrate this format and cannot recognize the presence of even well-known viruses. In short, the release of Adobe Reader 6.0 presents a significant security issue where malcode is concerned.’
As InDefense announced version 3.0 of MailDefense Advanced and MailDefense Gateway editions, providing ‘100 percent protection against known and unknown e-mail borne threats including viruses, worms, trojans and malicious code,’ Shepson said. ‘MailDefense systematically removes all malicious code, independent of format, from .PDF files allowing users to safely open .PDF file attachments with any version of the Adobe Acrobat Reader.’
InDefense cites comments by Jim Elliott, CIO of United Way of the National Capital Area and an an early user of the 3.0 release of MailDefense:
‘We’ve been concerned for some time about the ability of threats to enter our system via .PDF file attachments. We commonly exchange important information with our agencies using .PDF files and it’s important for us to protect not only inbound communications, but outbound communications as well from any malicious code that could be embedded in .PDF files.’
MailDefense Advanced and MailDefense Gateway protect at the server, desktop and e-mail gateway level, according to the company.