Wow... why didn't you guys catch that one?
;)
http://www.gnucitizen.org/blog/danger-danger-danger/
Not to sound like copout,but this really isn’t something products like WI can detect/prevent.
The problem is there is a bug in a client-side program, Acrobat Reader. If someone opens a PDF by clicking on a malicious link, Acrobat does something bad. We cannot stop Acrobat from doing something bad. We cannot prevent someone from clicking on a bad link.
It gets worse. If a user clicks on a link to a PDF that is on a bank's website, and the link has this malicious fragment, the JavaScript that executes is in the domain of the bank. This means it can access the banks cookies, make XmlHttpRequests (Ajax) to the bank using your credentials without your knowledge, or worse. However, the HTTP request sent for the PDF on the bank's website does not contain the URL fragment (ie everything after the #). This means the bank cannot even implement a web application firewall or IDS rule to not serve a PDF.
Adobe has essentially backdoored every single website on the Internet that hosts a PDF. Regardless of how much security you have implemented, it is completely sidestepped.
The only thing WI could is scan a website to make sure someone has not posted a malicious hyperlink to a PDF. This would really only benefit websites that allow users to submit hyperlinks. Even then, all WI can do is protect a website from acting as an accomplice in this attack.