Oh no! First Flash, now PDF? Do we need to worry?

Adobe Acrobat – breakthrough (image: reyada2.com – click)

My (profesional) life changed for the better with the widespread adoption of Adobe’s wonderful Acrobat PDF (portable document format). I use it every day — to communicate with others, to archive information or make it available for others … and to print and publish.

It is sooo much better than how we used to do things, especially interacting with media, others in publishing, and professional printers. Seriously. Way better!

So, I was surprised to read news of a report (at stuff.co.nz) quoting (sometimes hysterical-sounding) security software maker McAfee …

Cellphone security threats rise sharply

… McAfee, which is being bought by Intel for $7.68 billion, said it expected PDF and Flash maker Adobe to remain a favorite of cybercriminals this year, after it overtook Microsoft in popularity as a target in 2010.

It attributed the trend to Adobe’s greater popularity in mobile devices and non-Microsoft environments, coupled with the ongoing widespread use of PDF document files to convey malware. [Comment: Gulp!]

McAfee said Google’s Android, which last quarter overtook Nokia as the maker of the world’s most popular smartphone software, had been targeted by a trojan horse that buried itself in Android applications and games.

Such a report begs the questions:
How do I know that PDF I’m downloading is safe? Is there a way to scan it?*
…. which I guess is exactly what McAfee wants to you to ask. (Their reply: Have I got a deal for you!)

I’ve already disabled Adobe Flash on my computer, as discussed here, and even before that I’d installed ClicktoFlash to block unrestrained Flash (mainly to deal with gyrating ads) as well as Flush to get rid of any Flash cookies that wanted to cling on to my MBPro’s nether regions.

The other quiet point in that stuff.co.nz article is that ‘trojan horse’ stuff about Google’s Android. Yikes. Perhaps Apple’s “walled garden” approach with their iPhone/iPad App Store may discourage that, but probably wouldn’t defeat it? Dunno.

Has anyone had any real world experience of this alleged ‘widespread use of PDF document files to convey malware’? Or is it just a sales pitch? Much ado about nuttin’? – P

* Google’s Gmail occasionally tells me an attachment contains a suspicious attachment like this message today:

From: Gmail Team
Date: 9 February 2011 6:03:59 AM NZDT
To: Peter Aranyi
Subject: Message left on server: “United Parcel Service notification #18384”
Reply-To: nyquil_driver@hotmail.com [Comment: Spammer, d’ya think?]

The message “United Parcel Service notification #18384” from Bette Simon (info72122@ups.com) contained a virus or a suspicious attachment. It was therefore not fetched from your account Peter@[domain] and has been left on the server.
If you wish to write to Bette, just hit reply and send Bette a message.

The Gmail Team

… So it looks like some scanning is occurring.