We do not have a lot of data here, but we just received notification from one of our MajorGeeks Army of techs that there is a PDF virus infecting a number of machines and wanted to get a warning out.

All we know now is some of the PDF's are named Image_(some phrase here).PDF. For example, you may see a file called Image_majorGeeks.PDF. This naming convention is not true in 100% of the cases - some are just random names - but the majority as of right now have been that format.

Once opened the infected PDF will try to download some encrypted items. Microsoft Security Essential does stop these encrypted items. It doesn't stop the PDF from running an embedded executable that will attempt to hijack and ransom the machine.

From testing as of right now, no antivirus app is detecting this new infection up. Our advice is to ignore or quarantine PDF's until something is more known and removals are found. If you have to look at a PDF I would not touch anything that didn't have a correct name, came from a proper trusted, verified source and would only open in in a virtual machine or some other safe place.

This appears different than the one SOPHOS reported on last week where the infection was hidden in a Word doc in the PDF. In this case, a .exe is running with no document.

PDF's are great and have many uses, but with these uses comes thing you can exploit. Here is a video by Dider Stephens for 2010 show how you can run an EXE in a PDF.



As you can see you the user does get a warning message which the user needs to ignore. This dialog box is likely the case with this PDF virus so be careful.

We will update this when we know more.

If you have some photos, screen shots, or know more - please comment below to help the Geeks out.