The popular Adobe Reader is a favorite target of online crooks, according to Mikko Hypponen, chief research officer with antivirus company F-Secure. And for better security you should ditch Reader and go with a free alternative, he says.
"Adobe Reader is the new Internet Explorer," Hypponen said at today's RSA security conference in San Francisco. He referred to the time when Internet Explorer 6's less-than-steller security reputation led many security gurus to suggest using an alternate browser.
Malware-pushing bad guys increasingly target Adobe Reader flaws, Hypponen says. In 2008, from Jan. 1 through April 16, F-Secure saw PDFs used in 128 dangerous drive-by attacks.
This year, during the same time frame, the company has seen 2,305 drive-by's using PDFs. Such attacks go after a vulnerable Reader browser plugin, Hypponen says.
Poisoned PDFs are also often used as part of a customized, targeted attack, he says, when they're sent to a specifically selected recipient attached to a well-crafted e-mail.
Hypponen didn't recommend any particular alternative program, but suggested heading to pdfreaders.org for a list of free apps. He did point out that at the time of IE 6's security infamy, many switched over to using Firefox. And as that browser gained significant market share, it also drew the hacker's eye.
His hope, he says, is that people use a variety of alternate PDF readers and thereby fly under the bad guys' radar.