Malicious PDF Files

Category: Security

I got a warning from a co-worker about viruses in PDF files. I always thought that you could only get a virus from a program file, and PDFs are just for viewing. Am I right, or can you really get infected by a malicious PDF file?

Can PDF Files Contain Viruses?

It's a widely believed myth that you can only catch viruses and other malware from executable files - files ending in .com, .exe, .bat, and a few other extensions. Many people are surprised to learn they can also be infected by .pdf files - the ubiquitous Portable Document Format, made popular by Adobe.

In fact, PDF files were implicated in more than 50 per cent of malware attacks during 2009, according to researchers at security software developer Symantec. Worse, in 2010, the number rose to 65 per cent. PDF files are becoming the "vector of choice for delivering malware," it seems.

It makes sense, from a hacker's standpoint. Most people don't think a PDF file can do any harm, so they let their guard down and open PDF files without knowing the sender. People tend to trust the familiar, and virtually everyone is familiar with PDF files and the Adobe Reader software for viewing them.

Unfortunately, the PDF format has been enhanced with capabilities that (unwittingly) made inserting malware much easier than it used to be. Objects embedded in PDF files may include executable code such as JavaScript. Such code is allowed in order to enable advanced forms editing and other PDF features, but it also opens the door to malicious code inserted by hackers. Malicious code may trigger stack overflows that give the hacker access to all of your computer's resources, or it may automatically download another payload from a hacker's site without your knowledge.
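As an added illustration (not part of the original article), the Python sketch below counts the name keys that mark script and automatic actions in a PDF's raw bytes, so a file can be triaged without opening it in a reader. The key list, the function names and the sample document are assumptions constructed for this example.

```python
import re

# Name keys worth a second look (an assumed triage list, not exhaustive):
# /JavaScript and /JS hold script, /OpenAction and /AA fire actions
# automatically, /Launch starts external programs, /EmbeddedFile is an attachment.
RISKY_NAMES = ("JavaScript", "JS", "OpenAction", "AA", "Launch", "EmbeddedFile")

# A PDF name is "/" followed by anything except whitespace and delimiters.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript is recognised as /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count risky name keys in raw PDF bytes without opening the file in a reader.

    Keys hidden inside compressed object streams are not visible to this pass.
    """
    counts = {name: 0 for name in RISKY_NAMES}
    obfuscated = []
    for match in _NAME.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:  # escaping a plain letter is itself a warning sign
                obfuscated.append(raw.decode("latin-1"))
    return {
        "is_pdf": b"%PDF-" in data[:1024],
        "counts": counts,
        "flagged": [n for n in RISKY_NAMES if counts[n]],
        "obfuscated": obfuscated,
    }

# Constructed sample: a catalog that auto-runs a harmless script action.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert(1);) >> endobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A non-empty "flagged" list does not prove a file is malicious, since legitimate forms also use JavaScript; it only tells you which files deserve a closer look before anyone opens them.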

How Do Malicious PDFs Attack?

One example is the "ransomware" installed by a malicious PDF file that encrypted all of the personal documents on a user's hard drive, and then displayed a demand for $120 to unlock the files. Security researchers at Sophos urge users not to give in to ransom demands; if you do, it's possible the hacker will simply demand more money. But the only way to get your files back is from a backup copy, which you hopefully have.

PDFs are often sent to consumers by sources they trust, and so people don't think twice about opening them. In one instance, hackers gained control of the email server of pet supplies vendor VioVet and sent bogus discount coupons to all of the company's customers. When recipients followed the instructions to claim their rewards, they actually downloaded malware that infected their computers.

Banks, insurers, and even the IRS commonly use the PDF format for downloadable forms and reports, or to email statements to customers. If one of these sensitive institutions was breached, it could spell financial disaster for millions of people.

To counter malicious PDFs, Adobe Systems, developer of the PDF format, updated its Adobe Reader program to include a "Protected Mode" which implements sandboxing technology. Enabled by default in Adobe Reader X and later versions, Protected Mode limits access to Windows system resources by executable code embedded in PDFs. It won't allow such code to make changes to your system.

There are some further steps you can take to tweak Adobe Reader that will minimize your exposure to malicious code. This article from About.com details the Adobe Reader settings you need to change. Alternatives to Adobe Reader, such as the free Foxit Reader, also have security settings that can be tweaked to minimize malware risks. (See my related article Alternatives to Adobe Reader.)

Regardless of which PDF reader you use, it's a good idea to keep the software updated. If the program notifies you that a newer version or a security patch is available, download and install it promptly. You can also visit the developer's website to see if you have the latest version of the software, and follow any steps they recommend to protect yourself from malicious PDF files.

Have you encountered a malicious PDF? Post your comment or question below...

 
This article was posted by on 4 Apr 2011



Most recent comments on "Malicious PDF Files"

Posted by:

Bob.D
04 Apr 2011

Does this only apply to Microsoft? Can PDFs attack Macs? Have there been any reported cases?

EDITOR'S NOTE: Yes, Macs running OS X can also be vulnerable.


Posted by:

Bruce Wheelock
04 Apr 2011

It is worth noting that there is a known incompatibility with Adobe Reader X and all versions of Dragon NaturallySpeaking.

Information is found here: http://nuance.custhelp.com/app/answers/detail/a_id/6224/~/sendkeys-error-or-hookkerr_nonotify-error-appears-randomly-while-dictating


Posted by:

Jeri
04 Apr 2011

I had trouble with Adobe Reader X. Trouble like, very slow to open and when the pdf finally did open I could not save my PDF. It just did not operate properly. So I went back to 9.
It works great.


Posted by:

Shelley
05 Apr 2011

If I make the recommended changes to Adobe will it work differently on my computer?


Posted by:

Stewart
05 Apr 2011

"Have you encountered a malicious PDF?"

Yes, couple of weeks back in an email zipfile from 'UPS' with details of a delivery. I was a little suspicious but was expecting a package [no idea of delivery company].

The file passed a virus scan but when I opened the PDF all hell let loose!

Disconnected the internet, put the file into the recycle bin, selected 'system restore' to go back a couple of places and re-booted the PC. Then ran a virus scan and used CCleaner to check.

No evidence of any compromise since then.


Posted by:

MmeMoxie
05 Apr 2011

Bob, thank you for this informative article! I am extremely cautious when it comes to protection and I also thought that PDF files were some of the safest around. Knowing the history of hackers, I should have known better.

I haven't been using Adobe Reader for quite some time now. I love Foxit Reader. It is quick, takes less resources, easy to install and use. I will just have to make sure that my security settings for Foxit Reader are for more secure reading.

In reading this article, I am also 'trialing' PDF-Viewer. I like it, though its interfacing is a bit different than Adobe or Foxit Reader. It is still easy to use and figure out.


Posted by:

tumelo tlamelo
05 Apr 2011

Good article, I have learned a lot from it.


Posted by:

frank
05 Apr 2011

Is there a way to set up a home network with a droidx and a DISH vip722k receiver without a phone land line?


Posted by:

racecar56
06 Apr 2011

There's another PDF reader called Sumatra PDF that might not be affected. If I have to use a Windows system, I'd use that instead of Adobe's piece of junk.


Posted by:

dan
06 Apr 2011

If I use Foxit Reader (not Adobe Reader) is there any threat?


Posted by:

Barbara
08 Apr 2011

In my work, I mark up and post comments on edit-enabled PDFs in Acrobat Reader. After installing Reader X, I had a nasty surprise and lost a lot of hours because the markups and comments (which I religiously saved as I went along) were all wiped out the next time I opened the document. Uninstalling and reinstalling produced the same result.

I also hate the new Reader interface. The commenting and editing tool palettes are off to the side and can only be opened one at a time instead of all at the top, and the "Find" box was hidden in a menu and couldn't be docked to the toolbar on top.

Per a colleague's advice, I uninstalled X and reinstalled Acrobat 9, and have had no more trouble, except for having to cancel all those pesky update reminders from Adobe.


Copyright © 2005 - Bob Rankin - All Rights Reserved


Article information: AskBobRankin -- Malicious PDF Files (Posted: 4 Apr 2011)
Source: http://askbobrankin.com/malicious_pdf_files.html