Is there some kind of a sandboxed pdf viewer, that could prevent infected pdf access to the rest of the computer?

From what he describes, the file disguised itself a PDF but may have been an executable instead, so the PDF viewer was probably never launched.

I blame Windows hiding the extension of known files by default.

`anything.pdf.exe` would show as `anything.pdf`

Can't blame people from thinking it's a PDF.

Otherwise, I use SumatraPDF as a viewer. Small, no frills, probably less of a vulnerability target than Adobe Acrobat.

Still, they should've gotten warning prompts for running an untrusted exe when they opened it, wouldn't they? I mean I know people are pretty well conditioned to ignore those, especially gamer geeks who are used to using dubious tools.

I believe the name the program reports for those prompt can be different than the actual filename, allowing an attacker to use the name of adobe reader or some other popular PDF reader instead. If the malicious script launches the actual PDF reader with a legitimate-looking PDF after executing its payload it could be hard to detect