KOLKATA: There's a new way of stealing data from your PC. Hackers are using Adobe Acrobat file format — commonly called PDF files — to siphon off sensitive data from your PC to China.
Adobe files are considered very safe for viewing documents. So safe that even credit card companies send their bills in this format, and almost all banks use them to send online documents, statements and bills. It is this faith in Adobe files that hackers are trying to cash in on.
According to Websense Security Labs, a Zbot Trojan virus is spreading rapidly through emails, and the security firm has already discovered about 2,200 such mails in India. Zbot (also known as Zeus) is an information-stealing virus that remains hidden in a PC (Trojan), collecting confidential data from each infected computer.
The modus operandi for the virus is to trick users into opening a mail with a PDF file attached to it. Once a user clicks on the file, the PC gets infected and there is an outflow of sensitive information to the programmer of this virus somewhere in China.
"Do not open any mail with a PDF file attachment that has a file name, Royal_Mail_Delivery_Notice.pdf. When recipients open the PDF, it asks to save the file. The user falsely assumes that the file is just a PDF, and, therefore, safe to store on the local computer. The file, however, is really a virus. The malicious PDF launches the dropped file, taking control of the computer. It was discovered that the latest anti-viruses have an 80% chance of mistaking the file as a harmless one," said a Websense spokesperson.
"It does a whole lot of things to the PC. The virus copies itself into the system part of the Windows operating system — the area where all the vital Windows programmes are stored — and changes the registry of the computer in a way that the virus will get activated every time one switches on the PC.
"The registry is a database located on a computer that keeps track of everything, such as hardware, software, and user information. For example, when new software is installed in a computer, the registry would contain all the information about this software," the spokesperson added.