Malicious PDF Files
I got a warning from a co-worker about viruses in PDF files. I always thought that you could only get a virus from a program file, and PDFs are just for viewing. Am I right, or can you really get infected by a malicious PDF file?
Can PDF Files Contain Viruses?
It's a widely believed myth that you can only catch viruses and other malware from executable files - files ending in .com, .exe, .bat, and a few other extensions. Many people are surprised to learn they can also be infected by .pdf files - the ubiquitous Portable Document Format, made popular by Adobe.
In fact, PDF files were implicated in more than 50 per cent of malware attacks during 2009, according to researchers at security software developer Symantec. Worse, in 2010, the number rose to 65 per cent. PDF files are becoming the "vector of choice for delivering malware," it seems.
It makes sense, from a hacker's standpoint. Most people don't think a PDF file can do any harm, so they let their guard down and open PDF files without knowing the sender. People tend to trust the familiar, and virtually everyone is familiar with PDF files and the Adobe Reader software for viewing them.
How Do Malicious PDFs Attack?
One example is the "ransomware" installed by a malicious PDF file that encrypted all of the personal documents on a user's hard drive, and then displayed a demand for $120 to unlock the files. Security researchers at Sophos urge users not to give in to the ransom demand; if you do, it's possible the hacker will simply demand more money. But the only way to get your files back is from a backup copy, which you hopefully have.
PDFs are often sent to consumers by sources they trust, and so people don't think twice about opening them. In one instance, hackers gained control of the email server of pet supplies vendor VioVet and sent bogus discount coupons to all of the company's customers. When recipients followed the instructions to claim their rewards, they actually downloaded malware that infected their computers.
Banks, insurers, and even the IRS commonly use the PDF format for downloadable forms and reports, or to email statements to customers. If one of these sensitive institutions were breached, it could spell financial disaster for millions of people.
To counter malicious PDFs, Adobe Systems, developer of the PDF format, updated its Adobe Reader program to include a "Protected Mode" which implements sandboxing technology. Enabled by default in Adobe Reader X and later versions, Protected Mode limits access to Windows system resources by executable code embedded in PDFs. It won't allow such code to make changes to your system.
There are some further steps you can take to tweak Adobe Reader that will minimize your exposure to malicious code. This article from About.com details the Adobe Reader settings you need to change. Alternatives to Adobe Reader, such as the free Foxit Reader, also have security settings that can be tweaked to minimize malware risks. (See my related article Alternatives to Adobe Reader.)
Regardless of which PDF reader you use, it's a good idea to keep the software updated. If the program notifies you that a newer version or a security patch is available, download and install it promptly. You can also visit the developer's website to see if you have the latest version of the software, and follow any steps they recommend to protect yourself from malicious PDF files.
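An added example, not part of the original article: a quick triage scan for the kind of embedded active content that Protected Mode is meant to contain. It counts PDF name objects that trigger or carry active content, including names disguised with #xx hex escapes; the list of names comes from the PDF specification and is this example's assumption, as are the function names and the constructed sample bytes.

```python
import re
import sys

# PDF name objects that trigger or carry active content. The names are defined
# by the PDF specification; choosing this particular list is an assumption of
# this example, not something taken from the article.
ACTIVE_NAMES = {
    "JavaScript": "embedded JavaScript",
    "JS": "embedded JavaScript",
    "OpenAction": "action run when the document opens",
    "AA": "additional automatic actions",
    "Launch": "launches an external program",
    "EmbeddedFile": "file attached inside the PDF",
    "ObjStm": "compressed object stream (can hide other objects)",
}

# A name starts with "/" and ends at whitespace or a PDF delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, so J#61vaScript is read as JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Return {name: count} for every active-content name in raw PDF bytes."""
    counts = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample: a skeleton with an open action and a hex-escaped name.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
          b"3 0 obj << /S /J#61vaScript /JS (constructed placeholder) >> endobj\n"
          b"%%EOF\n")

if __name__ == "__main__":
    # Scan files named on the command line, or the constructed sample.
    blobs = {p: open(p, "rb").read() for p in sys.argv[1:]} or {"SAMPLE": SAMPLE}
    for label, blob in blobs.items():
        for name, count in sorted(scan_pdf(blob).items()):
            print(f"{label}: /{name} x{count} ({ACTIVE_NAMES[name]})")
```

A hit is a reason to open the file only in a sandboxed, fully patched reader, not proof of malice. A clean result is not proof of safety either, because objects inside compressed streams are not visible to this scan.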
Have you encountered a malicious PDF? Post your comment or question below...
This article was posted by Bob Rankin on 4 Apr 2011
Copyright © 2005 - Bob Rankin - All Rights Reserved