Monday, April 4, 2011

PDF Files Implicated In 65% Of Malware Attacks In 2010

[From Bob Rankin's newsletter]

Can PDF Files Contain Viruses?

It's a widely believed myth that you can only catch viruses and other malware from executable files - files ending in .com, .exe, .bat, and a few other extensions. Many people are surprised to learn they can also be infected by .pdf files - the ubiquitous Portable Document Format, made popular by Adobe.

In fact, PDF files were implicated in more than 50 per cent of malware attacks during 2009, according to researchers at security software developer Symantec. Worse, in 2010, the number rose to 65 per cent. PDF files are becoming the "vector of choice for delivering malware," it seems.

It makes sense, from a hacker's standpoint. Most people don't think a PDF file can do any harm, so they let their guards down and open PDF files without knowing the sender. People tend to trust the familiar, and virtually everyone is familiar with PDF files and the Adobe Reader software for viewing them.

Unfortunately, the PDF format has been enhanced to include capabilities that (unwittingly) made insertion of malware much easier than it used to be. Objects can be inserted into PDF files that may include executable code such as JavaScript. Such code is permitted in order to enable advanced forms-editing and other features of PDFs, but it also opens the door to malicious code inserted by hackers. Malicious code may instigate stack overflows which give the hacker access to all of your computer's resources, or it may automatically download another payload from a hacker's site without your knowledge.
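As an added illustration (not part of the original newsletter), this Python example counts the PDF name keys that mark embedded scripts and automatic actions, the kind of objects described above. The key list, function names and sample bytes are assumptions constructed for the example, and it inspects only uncompressed bytes.

```python
import re

# Name keys that mark active content in a PDF (assumed list, similar to
# what PDF triage tools count). A hit is a reason to look closer, not
# proof of malice: legitimate forms also use JavaScript. Keys hidden
# inside compressed object streams are not seen by this scan.
ACTIVE_KEYS = ("/JavaScript", "/JS", "/OpenAction", "/AA",
               "/Launch", "/EmbeddedFile")

# A PDF name is '/' followed by characters that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample: a tiny PDF fragment with an open action and a script.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /J#61vaScript /JS (var x = 1;) >>\nendobj\n"
    b"%%EOF\n"
)


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes, which the PDF format allows inside names."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count active-content name keys in raw PDF bytes."""
    counts = {key: 0 for key in ACTIVE_KEYS}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A file with non-zero counts for these keys deserves a closer look before it is opened in a reader with scripting enabled.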

How Do Malicious PDFs Attack?

One example is the "ransomware" installed by a malicious PDF file that encrypted all of the personal documents on a user's hard drive, and then displayed a demand for $120 to unlock the files. Security researchers at Sophos urge users not to give in to the ransom demand; if you do, it's possible the hacker will simply demand more money. But the only way to get your files back is from a backup copy, which you hopefully have.

PDFs are often sent to consumers by sources they trust, and so people don't think twice about opening them. In one instance, hackers gained control of the email server of pet supplies vendor VioVet and sent bogus discount coupons to all of the company's customers. When recipients followed the instructions to claim their rewards, they actually downloaded malware that infected their computers.

Banks, insurers, and even the IRS commonly use the PDF format for downloadable forms and reports, or to email statements to customers. If one of these sensitive institutions were breached, it could spell financial disaster for millions of people.

To counter malicious PDFs, Adobe Systems, developer of the PDF format, updated its Adobe Reader program to include a "Protected Mode" which implements sandboxing technology. Enabled by default in Adobe Reader X and later versions, Protected Mode limits access to Windows system resources by executable code embedded in PDFs. It won't allow such code to make changes to your system.

There are some further steps you can take to tweak Adobe Reader that will minimize your exposure to malicious code. This article from About.com details the Adobe Reader settings you need to change. Alternatives to Adobe Reader, such as the free Foxit Reader, also have security settings that can be tweaked to minimize malware risks. (See my related article Alternatives to Adobe Reader.)

Regardless of which PDF reader you use, it's a good idea to keep the software updated. If the program notifies you that a newer version or a security patch is available, download and install it promptly. You can also visit the developer's website to see if you have the latest version of the software, and follow any steps they recommend to protect yourself from malicious PDF files.
