On Wed, 2015-02-11 at 09:27 -0500, James B. Byrne wrote:
Most phishing sites do not resemble anything like what one might expect. That is why they work. Truly, with network security you really, really have to develop a pathological paranoia about files with unknown origins or you might as well give up on security at all.
PDFs are known vectors for malware. They have been exploited in the past and no doubt will be exploited in the future. A PDF file is a PostScript computer language program with embedded data. Nothing more. But nothing less either. Given the network awareness of some PDF reader software, they are also potential data leaks and web beacons.
That said, I readily admit that the risk posed by this particular example is low. But it is not zero. And depending upon the platform the file is copied to, any non-zero risk, no matter how small, may be too much.
I might put such a file on a stand-alone laptop but I would never put it on anything that connected to my networks. I certainly would not place it on anything that did not possess a fairly robustly constructed firewall with strict limits on outgoing traffic.
I viewed the Russian site from a machine with *NO* network connections.
I sincerely appreciate your well-articulated concerns and thank you for them. I am certain others reading your posting will now be increasingly aware of the constant dangers which await everyone.
In my experience a major method of compromising machines is to send naive users an email from Amazon, eBay, their bank - and in the last few days from all around the world from "amoricanexpress.com" - instructing the recipient to urgently open the accompanying .zip and read the message. Our incoming mail filtering (implemented on Exim) removes more than 99% of spam and crap. Our servers yesterday accepted the first junk mail of this year. It was deleted, not read.
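The thread's point about PDFs carrying active content and acting as web beacons can be checked before a file is ever opened. The following is an added example, not code from anyone on this list: a static triage scanner that looks for the PDF dictionary keys that run code, launch programs or cause network fetches on open, and that decodes the `#xx` hex escapes PDF allows inside names (so `/Java#53cript` is recognised as `/JavaScript`). The sample PDF bytes, the `tracker.example` URL and the key list are constructed here for illustration.

```python
"""Static triage of a PDF for active-content and beaconing features.

Added example for the discussion above; not part of the original thread.
It reads the raw bytes only, so it runs offline on an untrusted file and
never hands the file to a PDF reader.
"""
import re

# Dictionary keys a practitioner looks for before opening an untrusted PDF.
# The first five cause something to happen without a click; the rest are
# worth a look but need user interaction or are merely suspicious.
AUTO_KEYS = {"/OpenAction", "/AA", "/JavaScript", "/JS", "/Launch"}
RISKY_KEYS = {
    "/OpenAction": "action runs automatically when the document opens",
    "/AA": "additional actions (page open/close, form events)",
    "/JavaScript": "embedded JavaScript",
    "/JS": "JavaScript code or stream reference",
    "/Launch": "launches an external program",
    "/URI": "URL action (web beacon / phishing link)",
    "/SubmitForm": "sends form data to a remote server",
    "/GoToR": "opens a remote document",
    "/EmbeddedFile": "embedded file attachment",
    "/RichMedia": "embedded Flash / rich media",
}

# A PDF name token: '/' followed by regular characters up to the next
# whitespace or delimiter ('#' is NOT a delimiter, so hex escapes stay in).
_NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]+")
# Literal-string URI value: /URI (http://...)  (no nested/escaped parens)
_URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def _decode_name(raw: bytes) -> str:
    """Resolve '#xx' hex escapes in a PDF name object, e.g. /Java#53cript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Return {decoded_name: occurrences} for every risky key in the raw bytes."""
    counts: dict = {}
    for m in _NAME_RE.finditer(data):
        name = _decode_name(m.group(0))
        if name in RISKY_KEYS:
            counts[name] = counts.get(name, 0) + 1
    return counts


def extract_uris(data: bytes) -> list:
    """Return the literal-string URL targets of /URI actions (beacon destinations)."""
    return [m.group(1).decode("latin-1") for m in _URI_RE.finditer(data)]


def verdict(counts: dict) -> str:
    """'quarantine' if anything fires on open, 'review' if merely risky, else 'clean'."""
    if AUTO_KEYS & counts.keys():
        return "quarantine"
    if counts:
        return "review"
    return "clean"


# Constructed sample: a one-page PDF with an auto-run JavaScript action whose
# name is hex-obfuscated, plus a link annotation pointing at a tracking URL.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
    b"/Annots [5 0 R] >> endobj\n"
    b"4 0 obj << /S /Java#53cript /JS (app.alert('hi')) >> endobj\n"
    b"5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 100] "
    b"/A << /S /URI /URI (http://tracker.example/beacon.gif) >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    found = scan_pdf(SAMPLE_PDF)
    for key, n in sorted(found.items()):
        print(f"{key:14s} x{n}  {RISKY_KEYS[key]}")
    for url in extract_uris(SAMPLE_PDF):
        print("URI target:", url)
    print("verdict:", verdict(found))
```

The scan only sees dictionaries that are stored in cleartext; objects inside compressed object streams (`/ObjStm` with `/FlateDecode`) are invisible to it, so a "clean" result here means "nothing visible", not "safe". Tools such as pdfid follow the same keyword approach, and a fuller triage also inflates streams before searching them. The `/URI` count of 2 in the sample is expected: the key appears once as the action's `/S` type and once as the dictionary key holding the URL.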