Thursday, March 5, 2009

In the theme of trojans and viruses

Common lore is that you get a virus or trojan on your computer by opening a malicious file (either an attachement in email or from a website that has the file masquerading as a new video codec or enhancement for your computer).

A blogger, Didier Stevens recently created a youtube video showing how a vulnerability in a PDF file has been exploited so that you trigger the exploit by clicking on the document (selecting it) or by having a "thumbnail" view of the document.

In the video a debugger is launched as the exploit gets activated to illustrate the point.

No comments:

Post a Comment