Fleecing
It's what sheep are for isn't it?
A new strain of cybercrime Trojan is targeting Facebook users by taking over their machines and shaking them down for cash. Carberp, like its predecessors ZeuS and SpyEye, infects machines by tricking punters into opening PDFs and Excel documents loaded with malicious code, or attacks computers in drive-by downloads. The …
That's a little harsh and bitter isn't it? Wouldn't let you have an account due to being an arse on other websites? So when they get bored with fleecing FB users and come after your chosen websites, are you going to be so flippant?
I dislike the whole FB thing but if people wish to use it, that's their business and as such they should be free to use it without harassment from scum like this extortionists.
But I think PDFs can execute code (Javascript?) so it may depend on exactly what they exploit. It could potentially carry payloads for multiple readers, so obscurity is no real defence. On a Windows box one needs that AV running.
Heck, on a GNU/Linux box one should be running AV also - mostly to avoid passing infection on to the less fortunate. :-)
Heck, one should probably only use the browser from within a VM, that way any infection can be erased with a simple "Revert to previous snapshot".
"But I think PDFs can execute code (Javascript?) so it may depend on exactly what they exploit. It could potentially carry payloads for multiple readers, so obscurity is no real defence. On a Windows box one needs that AV running."
Yes, it can carry a javascript payload. It was intended to give PDF documents a bit of "smarts" to navigate to certain pages under certain conditions, or perhaps do other "basic" things where you need some scripting. But being java, you can pretty much do anything.
I'm not sure AV software can insure you against this (no idea, I don't use any myself), but you can configure even the dreaded Adobe Free PDF Reader to simply ignore any attached java, effectively rendering you immune to this type of attack.
True, this breaks things for PDFs where java would come in useful, but so far with me, I haven't missed or even noticed the lack of java causing issues.
This post has been deleted by its author
...how this is a problem?
I mainly use Facebook to post funny things I've found while meandering in odd corners of the internet and for occasionally keeping in touch with people I don't often see.
If this kept a few of the idiots off Facebook it would be a more pleasant place!