
PDF Exploit Virus


T_Dog


Sophos Anti-Virus for Mac finally caught a virus. My first clue was the screen turning purple after downloading and expanding a folder of .pdf documents that were a reference manual for some electronic equipment. Ran the clean-up and hopefully things are good. Be on the lookout for this.

http://wiki-threats.com/post/Remove-PDFExploit.PDF-URI.Z-Infection-to-Secure-PC-Security_7_10437.html


The link you provided describes PDF/Exploit.PDF-URI.Z. This appears to be a Windows-only trojan, and the fixes described in the article are all for Windows. Did Sophos identify it as PDF/Exploit.PDF-URI.Z?


And the link you provide, like many links concerning viruses, is an advertising link to entice you to download something. Quite often these programs, if they are free, are malware themselves, and this antivirus scare is a way of getting you to download a worse virus or trojan. Even if the program IS what it says it is, it's merely an elaborate advertising trick.

I'm not saying the virus doesn't exist (though it may not), merely that the best way to deal with it is not necessarily by following advertising copy, and this could lead you to download a far worse intrusion into your system.

It really annoys me now that almost all searches for methods on how to do anything on a computer come up with a majority of advertising pages disguised to look like some info blog. They always have a tiny little stock photo of a face with a generic name (e.g. "Victoria Denby") above the article to make it look like it's a real human's blog, and it always tells you the method to solve your problem (e.g. converting one video type to another) is to buy some software, often, but not always, the one whose name appears in the URL, plus .com.

It's often easy to tell these are fake because, apart from selling software, "Victoria Denby" often writes in weird, almost Russian-sounding English despite her generic Western name, and misses out capital letters.

For example:

"How can i remove it from my computer? Is there any other effective removal tool i need to download?"

Gradually, you will find the perform speed of your machine run kind of slower than before,[...]

Furthermore, lots of malicious programs downloaded by PDF/Exploit.PDF-URI.Z are flood in your computer[...]

Based on what I have stated above, PDF/Exploit.PDF-URI.Z is to your computer, what a cancer to your body.

You need to take efficient measure as soon as possible to stop it now."

All of these are from the dodgy ad page linked to in the above post, supposedly designed to help with this virus.


To follow up: a little research shows that the link given is a known malware site, per https://www.herdprotect.com/domain-wiki-threats.com.aspx:

"wiki-threats.com

Domain Information
The domain wiki-threats.com, registered by Private Registration, was initially registered in August of 2015 through TURNCOMMERCE, INC. DBA NAMEBRIGHT.COM. Currently this domain has been known to host various forms of malware. The hosted servers are located in Kansas City, Missouri within the United States.

Registrant: Private Registration
Registrar: TURNCOMMERCE, INC. DBA NAMEBRIGHT.COM
Server location: Missouri, United States (US)
Create date: Sunday, August 09, 2015
Expires date: Tuesday, August 09, 2016
Updated date: Sunday, August 09, 2015
ASN: AS32097 WII-KC - WholeSale Internet, Inc., US
Whois: 1 wiki-threats.com record"


These aren't really viruses inside PDF files. They are trojans... actual programs that try to masquerade as a PDF, like file.pdf.exe or some nonsense. If you are conscientious, it's easy to identify.

Not true.

Most of the attempted infections I see are scripts embedded in PDF files.

It's really easy (and sensible) to just block anything executable, which is why a lot of malware is now delivered in application data files; Office documents are another major source of embedded malware.

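The two posts above disagree about what a malicious "PDF" actually is: an executable wearing a .pdf.exe name, or a genuine PDF carrying an embedded script. Both can be checked statically before anything is opened. The script below is an added example written for this thread, not code from any poster, Sophos, or the linked site. It checks a filename for the double-extension trick, checks for the %PDF- header, and searches the file for action names that make a reader do more than render pages (/OpenAction, /AA, /JavaScript, /JS, /Launch, /URI and a few others; that list is this example's own choice, not a definition from any vendor). It also undoes #xx hex escapes in names and inflates FlateDecode streams, because a plain text search misses /J#61vaScript or an action tucked inside a compressed object stream. The three PDFs at the bottom are constructed for the demonstration and contain only an app.alert call, not real malware; a hit means "look closer", not "infected", since plenty of legitimate forms use JavaScript.

```python
"""Static triage of a suspected PDF: name spoofing, header, and action keys (added example)."""
import re
import zlib

# Names that let a PDF trigger behaviour beyond rendering (example's own list, not exhaustive).
RISKY_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
              b"/Launch", b"/URI", b"/EmbeddedFile", b"/RichMedia")
EXEC_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "jar", "app"}

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def is_disguised_executable(filename: str) -> bool:
    """True for names like 'manual.pdf.exe' that display as 'manual.pdf' when extensions are hidden."""
    parts = filename.lower().split(".")
    return len(parts) >= 3 and parts[-2] == "pdf" and parts[-1] in EXEC_EXTS


def has_pdf_magic(data: bytes) -> bool:
    # Readers tolerate junk before the header, so only the first 1 KiB is inspected.
    return b"%PDF-" in data[:1024]


def _normalize_names(buf: bytes) -> bytes:
    """Undo #xx escapes in name objects: /J#53 is the same name as /JS."""
    return HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), buf)


def _scan(buf: bytes) -> set:
    buf = _normalize_names(buf)
    found = set()
    for key in RISKY_KEYS:
        # The name must end at a non-name character so /JS does not match /JSX...
        if re.search(re.escape(key) + rb"(?![A-Za-z0-9_])", buf):
            found.add(key.decode())
    return found


def find_risky_keys(data: bytes) -> dict:
    """Return {'raw': keys seen in clear text, 'inflated': keys seen inside Flate streams}."""
    result = {"raw": _scan(data), "inflated": set()}
    for m in STREAM_RE.finditer(data):
        try:
            inflated = zlib.decompress(m.group(1))
        except zlib.error:
            continue  # not a Flate stream (image, font, ...) or damaged; skip it
        result["inflated"] |= _scan(inflated)
    return result


def triage(filename: str, data: bytes) -> list:
    """Collect human-readable findings; an empty list means nothing suspicious was seen."""
    findings = []
    if is_disguised_executable(filename):
        findings.append(f"double extension: {filename}")
    if not has_pdf_magic(data):
        findings.append("no %PDF- header in first 1 KiB")
    keys = find_risky_keys(data)
    if keys["raw"]:
        findings.append("action keys in clear: " + ", ".join(sorted(keys["raw"])))
    if keys["inflated"]:
        findings.append("action keys inside Flate streams: " + ", ".join(sorted(keys["inflated"])))
    return findings


def _pdf(objects: list) -> bytes:
    """Assemble a minimal, xref-less PDF body from raw object bytes; enough for static scanning."""
    body = b"%PDF-1.4\n"
    for i, obj in enumerate(objects, 1):
        body += b"%d 0 obj\n" % i + obj + b"\nendobj\n"
    return body + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# --- constructed samples for the demonstration (not real malware) ---
BENIGN = _pdf([
    b"<< /Type /Catalog /Pages 2 0 R >>",
    b"<< /Type /Pages /Kids [] /Count 0 >>",
])

# Auto-run JavaScript written in the clear, as in the plainly built droppers.
OPENACTION_JS = _pdf([
    b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>",
    b"<< /Type /Pages /Kids [] /Count 0 >>",
    b"<< /S /JavaScript /JS (app.alert('hello')) >>",
])

# Same action, but the name is hex-escaped and the object sits in a Flate-compressed
# object stream; this is the part a plain 'grep /JavaScript' misses.
_hidden_obj = b"3 0 << /S /J#61vaScript /JS (app.alert('hello')) >>"
_compressed = zlib.compress(_hidden_obj)
HIDDEN_JS = _pdf([
    b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>",
    b"<< /Type /Pages /Kids [] /Count 0 >>",
    b"<< /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length %d >>\nstream\n"
    % len(_compressed) + _compressed + b"\nendstream",
])

if __name__ == "__main__":
    for name, blob in [("manual.pdf", BENIGN), ("manual.pdf", OPENACTION_JS),
                       ("manual.pdf", HIDDEN_JS), ("manual.pdf.exe", b"MZ\x90\x00")]:
        print(name, triage(name, blob) or ["nothing suspicious"])
```

Run it on a folder of downloaded manuals before opening them, and treat any hit on /OpenAction or /AA combined with /JavaScript or /Launch as the thing to quarantine and look at first. The Flate step matters: real samples rarely leave the action names readable, and a scanner that only greps the raw bytes will report the hidden sample as clean apart from the /OpenAction reference.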

Most of the attempted infections I see are scripts embedded in PDF files.

Yeah, OK, it can run JavaScript (IF an older reader that auto-runs scripts) to either try and download or drop some executable into system files. This is pretty much completely mitigated on OS X if the reader is properly sandboxed (most are, including Adobe's and OS X's built-in Preview). Or if running the latest version of "rootless" OS X, which shouldn't allow any shenanigans with system files.
