These days, when you click to download a PDF file from the web or your e-mail, your computer may well ask, “Are you really sure??” That happens because PDF files have become more dangerous as they have become more popular as carriers of malicious software. It used to be that common executable (.exe) files were the carriers of choice for computer malware, but most e-mail software now blocks those, and Portable Document Format has been on the rise as a delivery vehicle instead.

But PDF is not a programming language; it is a file format specifying how to render a page. So how do you get it to do malicious things to a computer? The answer is to exploit weaknesses in the software (like Adobe Acrobat Reader) that processes the PDF file; the PDF file itself doesn’t do anything but deliver the exploit.
- The rise of PDF malware (Symantec Connect/Fred Gutierrez) “We have seen an ever increasing use of PDFs for malicious purposes over the past two years. During this time, we have tracked the growth and usage and have been constantly improving our detections to handle the different evolutions of these threats. We see new vulnerabilities related to PDF readers discovered on a regular basis, often being exploited in-the-wild before a patch is available.”
- Adobe patches under-attack Reader bug (Computerworld/Gregg Keizer) “The more notable flaw fixed in Reader 9.4.1 for Windows and Mac OS X was a bug that hackers have been leveraging since late October using malicious PDF documents. Those attacks have taken advantage of a flaw in Reader’s ‘authplay’ component. Authplay is the interpreter that renders Flash content embedded within PDF files. Successful attacks have dropped a Trojan horse and other malware on victimized Windows PCs.”
- OMG WTF PDF: What you didn’t know about Acrobat (27th Chaos Communication Congress/Julia Wolf) “PDFs are currently the greatest vector for drive-by (malware installing) attacks and targeted attacks on business and government. A/V [antivirus] technology is extraordinarily poor at detecting these.”
Common sense fact:
Developers of PDF reader software are constantly changing their software to combat vulnerabilities. The wise computer user keeps her/his software up to date.
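Since the risk lies in content the reader software interprets rather than simply renders (such as the embedded Flash handled by Authplay), a quick defensive check is to count the PDF names that introduce such content before a file is opened. The following Python is an added example, not code from the original post or the articles it quotes; the name list is taken from the PDF specification, and `SAMPLE_PDF` is a constructed, harmless input.

```python
import re

# PDF names that make a reader do more than render a page.
# Assumption: this list comes from the PDF specification, not from the post.
ACTIVE_NAMES = {
    b"/JavaScript": "embedded JavaScript",
    b"/JS": "embedded JavaScript",
    b"/OpenAction": "action run when the document opens",
    b"/AA": "additional automatic actions",
    b"/Launch": "launches an external program or file",
    b"/EmbeddedFile": "file attached inside the PDF",
    b"/RichMedia": "embedded Flash or other rich media",
}

NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample: a harmless PDF skeleton, one name written with a #xx escape.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [5 0 R] >>\nendobj\n"
    b"4 0 obj\n<< /S /J#61vaScript /JS (var x = 1;) >>\nendobj\n"
    b"5 0 obj\n<< /Type /Annot /Subtype /RichMedia >>\nendobj\n"
    b"%%EOF\n"
)


def normalize_name(raw: bytes) -> bytes:
    """Decode #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage_pdf(data: bytes) -> dict:
    """Count active-content names found in the uncompressed parts of a PDF."""
    counts = {}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in ACTIVE_NAMES:
            key = name.decode("ascii")
            counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for name, count in triage_pdf(SAMPLE_PDF).items():
        print(f"{name:14} x{count}  {ACTIVE_NAMES[name.encode()]}")
```

A non-empty result is a reason to look closer, not a verdict: legitimate forms use JavaScript too, and names stored inside compressed object streams are not visible to this scan.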