Tricky PDF Virus Evades Virus Scanners

On April 27, multiple users at a San Diego client site received emails purporting to come from the “operator” of the email server. The text of the email was written to persuade the recipient to open the attached PDF file. Opening the PDF file and clicking through a couple of confirmations would install a virus on the recipient’s computer. At first, most virus scanners did not recognize the PDF file or the included virus, so simply running current anti-virus programs would not have stopped this infection.

MCB Systems has taken additional measures on all client computers to remove the ability of PDF files to launch programs, including virus programs.

There are a few “take-aways” here:

  • PDF files can contain viruses. Long considered safe, PDF files are increasingly used as “carriers” for viruses.
  • When you receive an email that you are not expecting, slow down for a moment and run it through your “is this real?” filter. For example, this one was spoofed to show it coming from operator@clientdomain.org, which is not a real address. It was sent at 3:48 AM, an unlikely time for a human to send an email. Often these attempts at social engineering will contain errors in grammar, as this one does.
  • Make sure you have current backups in place. Often the only way to get rid of a virus is to wipe everything on the computer and re-install the operating system. Ideally you want to use an image-based backup, which allows quickly restoring the entire computer to a previous point in time. MCB Systems can help you choose the best backup solution for your business.

Thousands of new viruses are created every day, and anti-virus software is always playing catch-up. The best defense is still for users to be aware of the threat and to remain safety-conscious when online!
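One way to triage incoming PDF attachments for the program-launching capability described above. This is an added example, not code from the original post or from MCB Systems. It assumes the launch behaviour corresponds to the PDF `/Launch` action, which the post does not name; the function names and sample bytes are constructed for illustration.

```python
import re

# PDF name keys that start an action or carry a payload (assumed watch list).
# /Launch is the action type that asks the reader to run a program.
RISKY_NAMES = ("Launch", "OpenAction", "AA", "JavaScript", "JS", "EmbeddedFile")

# A PDF name is "/" followed by characters up to whitespace or a delimiter.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, which are legal in PDF names and can hide keywords."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def risky_names(pdf_bytes: bytes) -> dict:
    """Count risky name keys in the raw bytes of a PDF.

    Limitation: names inside compressed object streams are not seen,
    so an empty result is not proof that the file is safe.
    """
    counts = {}
    for match in _NAME.finditer(pdf_bytes):
        name = decode_name(match.group(1))
        if name in RISKY_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


def verdict(pdf_bytes: bytes) -> str:
    """Map findings to a mail-gateway style decision."""
    found = risky_names(pdf_bytes)
    if "Launch" in found:
        return "quarantine"   # document can ask the reader to start a program
    return "review" if found else "pass"


# Constructed fragments, not real samples and not complete PDF files.
SAMPLE_SUSPECT = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
                  b"2 0 obj << /S /L#61unch >> endobj\n")
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, data in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(label, verdict(data), risky_names(data))
```

A "pass" here only means no risky names were visible in the uncompressed bytes, so this check complements the anti-virus scan and the reader hardening rather than replacing them.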
