A lot of Windows worms on the Internet spread via email attachments. In the old days they were .exe files and nerds everywhere LOLed at the dummies who ran strange executables. Then the worms switched to .scr and nerds LOLed again but a bit more ruefully, explaining quietly how that filetype was an executable, too. And .com and .ocx and dummy don't you know Windoze? LOL.

This week's worm is Trojan.Pidief.A, a new joy. It's a .pdf attachment which exploits a bug in Adobe Reader's handling of mailto: URLs. LOL dummy, don't open PDF documents! Cuz if you do, Russian gangsters will install the Gozi trojan and steal your bank accounts. LOL.

You can't blame users for opening attachments; emailing PDFs is useful, good activity. The problem is the fundamental security model is broken. Email documents have to be interpreted in a restricted environment. There is no consumer computing platform today with a useful restricted environment.

Adobe bears special responsibility here for their software that's installed on every computer on the planet. Their broken, buggy software that results in your money being stolen by Russian gangsters. Adobe did get a patch out Oct 22, amazingly just one day before the PDF worm was disclosed. But given how awful the Reader upgrade experience is I suspect a lot of computers are unpatched.

techbad
  2007-10-29 16:12 Z