Thread: [SOLVED] ClamTK found viruses - can pdf be virus

  1. #1
    Join Date
    Mar 2008
    Beans
    189
    Distro
    Ubuntu

    [SOLVED] ClamTK found viruses - can pdf be virus

    I launched my ClamTk and found three viruses. To my surprise, when I looked into quarantine, I saw three PDF files. Can a PDF be a virus?

    My examples in quarantine:
    xxx.pdf.VIRUS

    Each file name ends with .VIRUS, as shown by the example. Are these really viruses?

    When do I use false positive?
    Thanks for answers
    Last edited by Kognit; May 3rd, 2008 at 07:49 PM.

  2. #2
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Beans
    1,393
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: ClamTK found viruses - can pdf be virus

    Quote: Originally Posted by Kognit
    I launched my ClamTk and found three viruses. To my surprise, when I looked into quarantine, I saw three PDF files. Can a PDF be a virus?

    My examples in quarantine:
    xxx.pdf.VIRUS

    Each file name ends with .VIRUS, as shown by the example. Are these really viruses?

    When do I use false positive?
    Thanks for answers

    A file can be named anything and still be a virus, even if it's not in actual PDF format. I do recall that some viruses are able to spread via PDF though. The Adobe PDF format is capable of carrying embedded scripting for one thing, which could be used as an avenue of execution for a virus.

  3. #3
    Join Date
    May 2008
    Beans
    3

    Re: [SOLVED] ClamTK found viruses - can pdf be virus

    At the moment several malware authors are using PDF exploits to attack vulnerable computers.

    I've seen three different ones in the last week.

    The PDFs contain JavaScript which triggers a vulnerability in Acrobat. Malware is either included in the PDF as an executable to be dropped or is downloaded.

    The PDFs are a danger to Windows users. But similar attacks would be possible on Linux. Trust your AV software and check suspicious files on http://www.virustotal.com.
    Expect only a few vendors to detect it; the criminals are optimizing their malware on a daily basis to avoid detection.
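
Added example, not part of any post in this thread: a small triage check for a quarantined file that tests whether it really starts like a PDF and counts the name tokens associated with the embedded scripting and dropped files described above. The function names, the token list and the sample bytes are constructed for illustration.

```python
import re

# PDF name tokens that point at active or embedded content.
SUSPICIOUS_NAMES = {
    "/JS": "JavaScript code",
    "/JavaScript": "JavaScript action",
    "/OpenAction": "action run when the document opens",
    "/AA": "additional (automatic) actions",
    "/Launch": "starts an external program",
    "/EmbeddedFile": "embedded file stream",
}

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name is "/" followed by bytes up to whitespace or a delimiter.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript is read as /JavaScript."""
    decoded = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Check the header and count suspicious names in the raw bytes.

    Names hidden inside compressed object streams are not seen here, so an
    empty result does not clear a file that the scanner flagged.
    """
    hits = {}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in SUSPICIOUS_NAMES:
            hits[name] = hits.get(name, 0) + 1
    # Readers accept the %PDF- header anywhere in the first 1024 bytes.
    return {"is_pdf": b"%PDF-" in data[:1024], "hits": hits}


# Constructed sample: minimal PDF-like bytes with one hex-escaped name.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    report = triage_pdf(SAMPLE)
    print("looks like a PDF:", report["is_pdf"])
    for name, count in sorted(report["hits"].items()):
        print(f"{name:14} x{count}  {SUSPICIOUS_NAMES[name]}")
```

Hits on a file you did not expect to be interactive are a reason to keep it in quarantine and get a second opinion, not proof on their own; forms and some legitimate documents also use these names.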
