
Malware masked as textbooks and essays - malwalert
https://www.kaspersky.com/blog/back-to-school-malware-2019/28316/
======
eyegor
And this is why allowing scripts/embedded executable files in document formats
has always been a bad idea. There's always someone who will mess it up.
Luckily there are some tools for sanitizing documents, such as dangerzone for
pdf [0]. But I wish there were standardized docx/pptx/odf/odp with zero
scripting capabilities.

[0] https://github.com/firstlookmedia/dangerzone/blob/master/README.md

~~~
blue1
If I understand the description correctly, dangerzone completely rasterizes
the pdf. This seems pretty drastic. Isn't there some tool that just checks the
PDF or removes the scripting, without having to install a commercial antivirus
software?

------
saagarjha
> As it turns out, over the past academic year, cybercriminals targeting the
> field of education tried to attack our users more than 356,000 times. Of
> these, 233,000 cases involved malicious essays downloaded to computers owned
> by more than 74,000 people. Our solutions blocked them, of course.

Note that you can only detect malware you block. Successful malware bypasses
detection…

------
leoh
I have been concerned that scihub and libgen could be distributing viruses via
0-days in PDFs.

~~~
LeoTinnitus
I have always been concerned about that as well. Although aren't you somewhat
safe depending on if you only open it with the corresponding pdf software? I
thought the "only" vulnerability was the software it's used with and if you
double click it or not.

~~~
meowface
Yes, though theoretically a single PDF could contain multiple exploits for
multiple different PDF reader programs, I believe. Not sure if that's ever
actually been observed, but it seems plausible in theory.

Most people use Adobe Acrobat, though, I think, so a PDF exploiting an Acrobat
zero-day can be safely assumed to be pretty effective.

------
peter_d_sherman
I can picture the 22nd Century...

Shakespeare, and other great works of classic literature... are now classified
as "malware"...

Essays (like those of Emerson, Voltaire or Thoreau) are now classified as
"malicious essays"...

And, much like a box of Cracker Jack, or bottle of Tequila, you get a free
"surprise" with each one... you get a free worm... (well, it's a computer
worm... but same difference...)

Well two things are for sure in this "Brave New World" (a book which is also
banned by the way!)...

1) Computer virus protection companies will never go bankrupt, and

2) Perhaps old-fashioned, printed on physical paper, virus-free (well,
computer-virus free, not necessarily "mind-virus" free!) books (in addition to
_actual education_ ) will make a comeback!

I am not holding my breath for this, however...

(Disclaimer: I am kidding about most of the things I said above...)

------
phendrenad2
Seems like most aren't PDF reader exploits, but are things masquerading as PDF
files (links to open IE to an exploit site, exes with a PDF icon, etc.)

This is an area where antivirus software like Kaspersky shines - noticing
things that are "obvious" that a user might nevertheless not notice 100% of
the time.
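
The masquerading cases described in the comment above, and the question earlier in the thread about checking a PDF for scripting, as a triage check (an added example, not part of the original thread or of any tool named in it). Function names, finding labels and sample bytes are constructed for illustration.

```python
import re

# Leading bytes of non-PDF content often passed off as a document.
MAGIC = [(b"MZ", "windows-executable"),
         (b"L\x00\x00\x00\x01\x14\x02\x00", "windows-shortcut"),
         (b"PK\x03\x04", "zip-or-ooxml")]
DOC_EXTS = {"pdf", "doc", "docx", "rtf", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk", "url"}
# PDF names that run scripts, launch programs or carry attachments.
ACTIVE_NAMES = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile"]

def sniff(data):
    """Return the content type judged from leading bytes, not from the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    # Readers accept the %PDF- header anywhere in the first 1024 bytes.
    return "pdf" if b"%PDF-" in data[:1024] else "unknown"

def triage(filename, data):
    """List reasons a download presented as a PDF deserves a closer look."""
    findings = []
    parts = filename.lower().rstrip(". ").split(".")
    kind = sniff(data)
    if len(parts) > 2 and parts[-2] in DOC_EXTS and parts[-1] in EXEC_EXTS:
        findings.append("double-extension:" + ".".join(parts[-2:]))
    if "pdf" in parts[1:] and kind != "pdf":
        findings.append("claims-pdf-but-is:" + kind)
    if kind == "pdf":
        # Undo #xx hex escapes so /J#61vaScript is seen as /JavaScript.
        # Names inside compressed object streams are not visible to this scan.
        plain = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)
        for name in ACTIVE_NAMES:
            if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", plain):
                findings.append("pdf-active:" + name.decode())
    return findings

# Constructed sample inputs (not taken from any real file).
SAMPLES = {
    "essay.pdf.exe": b"MZ\x90\x00" + b"\x00" * 16,
    "textbook.pdf": b"MZ\x90\x00" + b"\x00" * 16,
    "notes.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                 b"2 0 obj\n<< /S /J#61vaScript /JS (constructed) >>\nendobj\n",
    "clean.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, triage(fname, blob))
```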

------
malwalert1
The site academia.edu seems to be a big part.

It baffles me how widespread this is.

------
skylarchunk
Hm, what about malware masked as ZOOM? ;-)

