Reports circulated last week regarding a malvertising attack that may have impacted millions of users of the Plenty of Fish (pof.com) online dating site. According to Malwarebytes, one of the ad networks that use pof.com was used as a key link in an attack chain that ultimately infected visitors' devices with the Tinba banking Trojan.
When everyone talks about how risky the Web is, most of us think in terms of exploits that attack vulnerabilities in content like JavaScript, which peaked in 2013, and Flash, which has been a dominat vector of attack so far this year. The fact that PDF and Microsoft Office documents like Word & Powerpoint permeate the web is something that we don't often notice - until a critical vulnerability like this one shows up. Popular browsers like Chrome and Firefox contain built-in viewers for PDF, which enables document viewing to blend seamlessly with our native Web experience. But easy document viewing can come at a price: A simple click can lead to a document that's potentially weaponized and laden with malware.
