11 Replies Latest reply on Jul 22, 2010 7:42 AM by Fan-Of-Adobe

    SCARY INFO: PDF's infected with Malware/Malicious Code!!

    (Ellen_Morrison)
      I just found out that our precious PDF files can be infected with malware. This is horrible to say the least!!!

      How do people do this, how can they instill the malware into the PDF file? How is it written? I read that when the PDF file is opened, the malicious code is opened / installed and infects the computer..

      How can someone who innocently opens a PDF file prevent this from happening? Should ALL PDF's downloaded from the Net or wherever be scanned first before they are opened? Will our AV software / anti-spyware software find the code and tell us the file is infected if we scan it first?

      I got this info from downloading, opening and then reading a PDf white paper from a reputable source. I get a lot of info about malware from downloaded PDF white papers from sources like Symantec, HP, etc..

      I do ID theft and computer virus protection workshops in my community.

      Please tell me how I can prevent AND protect my / our computer[s] from malicious code in PDF's. It BLEW me away when I read that simple PDF's can contain malicious code.

      Also found out that FLASH [swf's] files can contain malicious code [malware]. We all work in FLASH and I can see how that can happen. Action Script written in the file.

      Also found out HTTPS sites can be broken into and compromised. It's called "Blind SQL Injection." Anyone know about this? Downloaded some white papers on this too. Damn those vicious people for writing this stuff!!!

      Hope you can help me understand this NEW viral dilemma. Thanks in advance,

      Ellen
        • 1. Re: SCARY INFO: PDF's infected with Malware/Malicious Code!!
          George_Johnson MVP & Adobe Community Professional
          Can you post a link to the white paper that discusses this? If it doesn't answer your questions, I would question its accuracy.

          FWIW, PDFs can contain arbitrary file attachments/embedded files, but they do not automatically launch upon opening the PDF.

          George
          • 2. Re: SCARY INFO: PDF's infected with Malware/Malicious Code!!
            DimitriM Level 3
            Hi Ellen,

            "I got this info from downloading, opening and then reading a PDf white paper from a reputable source."

            Can you let us know who this reputable source is and where we can view this whitepaper? I'm sure there are many here who would like to read it and then share their opinion. It's difficult to do that without viewing your cited source first.

            Dimitri
            WindJack Solutions
            www.windjack.com
            www.pdfscripting.com
            • 3. Re: SCARY INFO: PDF's infected with Malware/Malicious Code!!
              gkaiseril MVP & Adobe Community Professional
              A couple of years ago Adobe provided a tool for removing attachments, because some realized one could attach a script or program that could be opened and run from the PDF.

              Adobe has added features like blocking caching and auto complete on the document level. Adobe has also added functionality to allow one to block automatic web access from a PDF. They have also restricted the tracking of PDFs.

              How old is the document. Adobe has been proactive in notifying users about security holes as they are found and provide updates as to procedures or program updates that the user can use to limit or reduce the risk from malware and tracking software.

              Just remember Bill Gates is responsible for publicly releasing more bugs than anyone else. This includes software and living misquotes.
              • 4. Re: SCARY INFO: PDF's infected with Malware/Malicious Code!!
                (Ellen_Morrison) Level 1
                Thanks for responding so quickly. Here's the first link:<br /><B>http://techblog.avira.com/2008/10/en/</B>.<br /><br />The article is dated 10/29/2008, 2nd paragraph:<br /><B><quote> The malicious JavaScript code inside the PDF gets usually triggered by the OpenAction event handler to load it immediately when the document is opened.<quote></B><br /><br />Also, a PDF download from MessageLabs:<br /><B>http://www.messagelabs.com/resources/whitepapers</B><br />It's the third link down on the web page:<br /><B><U>MLI 2008 Annual Report</B></U><br />The year 2008 turned out to be a pivotal year for the cyber security landscape as revolutionary advances in new malware and spam techniques first appeared. These new techniques will continue to develop and transform the "shadow ecomony" over the course of 2009.<br /><br />The PDF is 51 pages [specific info on PDF's is on pages 37-38]. You'll have to "register" to download the PDF, but you can give any info and then click "submit" and you can then download the PDF which is called: MLIReport_Annual_2008_Finalv1.pdf<br /><br />After you all read these, please let me know what you think. I mean, how dangerous is it to open a PDF for crying out loud!!?? ID theft, keyloggers, bots and malicious code [malware] embedded in Java, ActiveX, and JavaScript has made the Net a more dangerous place for the naive. I've become a bit more cautious myself. As a webdev-graphic artist, I'm on the Net daily as we all are. I aint gonna quit because of those "hairballs."<br /><br />Thanks so much and I hope this helps,<br /><br />Ellen
                • 5. Re: SCARY INFO: PDF's infected with Malware/Malicious Code!!
                  George_Johnson MVP & Adobe Community Professional
                  The problem with both of those is very little specifics are given. The first seems to be talking about security holes within the Acrobat or Reader application that have since been patched by Adobe, so the fix is to make sure you apply the patches that Adobe releases.

                  The second appears to be related to file attachments, but these cannot be automatically extracted and/or launched by JavaScript code within a PDF document without the user's knowledge and approval, which seems to be what is implied in that whitepaper.

                  The user might be tricked into extracting and launching a file attachment, but that's a different matter and really no different than malicious email attachments.

                  George
                  • 6. Re: SCARY INFO: PDF's infected with Malware/Malicious Code!!
                    (Ellen_Morrison) Level 1
                    Just want to make sure . . . We all get Acrobat Products [Reader esp.] updates/patches and download & apply them.

                    So, patch applied --- no chance of getting malicious code/malware from the downloaded AND opened PFD? Just want to know if it's possible. I/we download and open them ALL the time. I rarely click any links w/in them. When I'm teaching a class on ID theft/Computer Virus Protection, what do I tell the class? Advise not to click links w/in the PDF? Scan it first B4 opening after download?

                    Is it really safe and "not to worry?" All that I had you read is "hogwash?" Just a "go ahead" would suffice. Just want to know what to do.

                    Thanks,

                    Ellen

                    PS: Ya know, I'm glad Adobe bought Macromedia products. Director & Flash are VERY powerful and I think one day, Adobe can create an OS. Just my humble OP. Director & Flash can create programs and have had that capability for years. Would just like to see Adobe compete with Bill in the "Microshaft" area. Look at all the problems folks have w/Vista. Ver 7 is coming out soon. If & when I upgrade, I'll wait till an SP2 for it comes out. Glad Microsoft is supporting XP till 2012/2014.

                    This is just a BTW. No need to comment. Hope I didn't offend any Microsoft die-hards.
                    • 7. Re: SCARY INFO: PDF's infected with Malware/Malicious Code!!
                      George_Johnson MVP & Adobe Community Professional
                      Some versions of the Acrobat family of products have had serious security flaws, and Adobe is usually quick to respond with fixes when they become known. It is certainly possible and probably likely that more will be discovered and exploited in the future, so the threat is always there. But history shows that the threat from Acrobat/Reader is comparatively minor, when comparing to things such as email and web browsers. This doesn't mean the threat can safely be disregarded, but I think it helps to have accurate information and a plan (e.g., automatic updates) to address it.

                      The fix for the file attachment threat is the same for file attachments with email and other potentially harmful content: user education in addition to automated tools such as virus scanners and the like. Users should be made aware that PDFs can contain potentially harmful content that should not be opened/launched unless the source is trusted. Even then, use an updated virus scanner or two, and have a recent and reliable system and data backup.

                      George
                      • 8. Re: SCARY INFO: PDF's infected with Malware/Malicious Code!!
                        (Ellen_Morrison) Level 1
                        Thanks George,

                        Right on all points! Just a BTW, a great program for phishing out spyware & the like [malware] is "SuperAntiSpyware" and you can download it from its namesake. Pro version [I recommend] is only approx.. $25.

                        Again thanks,

                        Ellen
                        • 9. Re: SCARY INFO: PDF's infected with Malware/Malicious Code!!
                          DimitriM Level 3
                          Hi Ellen,

                          I believe the security issue in the avira post was addressed/closed in the last patch Adobe released.

                          Unfortunately nothing is foolproof, spoofproof, or totally secure online, and it seems to get worse all the time. But Adobe ranks on the side of overzealous in regards to the security of PDF. They do respond fairly quickly to anything security related that is reported, and they have tightened security with every release since I've been using PDFs ( so much so that customers complain PDF is not as user friendly, or even usable, anymore).

                          Thanks for sharing the links.

                          Dimitri
                          WindJack Solutions
                          www.windjack.com
                          www.pdfscripting.com
                          • 10. Re: SCARY INFO: PDF's infected with Malware/Malicious Code!!
                            (Ellen_Morrison) Level 1
                            Hi Dimitri,

                            Got lots more links to info on malicious code & malware. Been doing research for years and in conducting the ID theft & computer virus protection workshops, gotta keep up on the devious methods & threats the coders use to try and "infect" the naive. If you want any additional info, let me know. Email me, if ya want.

                            Wish I was a "coder" could understand how they "do it." But I'm just an arteest [graphic artist/webdev/photographer/animator].

                            Thanks to ALL you guys, gotta upgrade Acrobat to latest version,

                            Ellen
                            • 11. Re: SCARY INFO: PDF's infected with Malware/Malicious Code!!
                              Fan-Of-Adobe

                              I have asked this Question yesterday, I didn't knew this is an old issue.

                               

                              http://forums.adobe.com/message/2993195#2993195.

                               

                              I am running Acrobat Pro and it's updated regularly I guess and I am on the latest version I guess...

                               

                              So am I safe or not. I have turned off the Java Script..

                               

                              I asked in my posting above and would like to post it in here as well...

                               

                              We visit alot of sites and read articles etc offline and online. So my question is when we open any pdf offline or online the code is automatically generated or it's only generated when there is a survey kind of stuff like press this or say yes or not button...