Malicious PDF Files and How to Protect Against Them

Portable Document Format (PDF) is a digital file format for sharing content on devices like computers, phones, tablets, and other e-readers. But how secure is a PDF file? Because the format is popular for publishing content that includes text, images, hyperlinks, form fields, rich media, signatures, and attachments, PDF files are often used to carry malware that compromises host devices and networks. When PDFs are sent as email attachments, the malware can affect the mailbox as well as the host computers where these PDFs are downloaded and opened.

PDF Vulnerabilities and their Effects

So how are PDFs infected? To understand this, we need to look at some powerful and hidden features of the PDF file format. These include support for JavaScript, dynamic elements in the shape of forms, and embedded signatures.

JavaScript: Most PDF generators convert HTML, CSS and JavaScript to PDF files, and a headless browser is the usual choice for executing the JavaScript when a PDF is generated. That JavaScript can be used to load external resources. Because the requests are made from where the generator runs, they can reach hosts that are usually accessible only internally, which can have severe effects.

Encrypted Objects: PDF supports encrypted objects. Encrypting malicious objects stops antivirus scanners from detecting them, and they are executed when the PDF file is opened.

Launch Actions: Though not supported in most PDF readers these days, launch actions in PDF files have been exploited in the past to open the Command Window and execute commands to initiate malware. Adobe has taken care of such commands altogether.

Effects of Infected PDF Files

The above features make the PDF file format powerful, but the same features can also cause problems such as:

  • Denial of Service – Opening an infected PDF file freezes the PDF viewer or halts the entire system by using the Deflate Bomb technique
  • Information Disclosure – An infected PDF file reads information such as the system IP and leaks it over the network
  • Code Execution – In earlier versions of PDF readers, some PDF files were able to execute code, resulting in abnormal behavior

How to Protect from Malicious PDFs?

The following tips can help protect against malicious PDF files.

  1. Disable JavaScript execution in Adobe Reader to avoid loading of external resources.
  2. Stop PDF readers from executing non-PDF files.
  3. Ensure that the antivirus is up to date and active whenever attachments are downloaded from emails.
  4. Avoid opening PDF attachments sent by unknown email senders.
  5. Ensure that the file you believe to be a PDF is not actually a malicious executable.
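As an added example (not code from the original article), the Python sketch below triages a file before it is opened: it checks tip 5 by looking at the file's magic bytes, counts the PDF name tokens tied to the features described earlier (JavaScript, launch actions, encryption), and inflates each stream under a size cap to catch a deflate bomb. The token list, the 10 MB cap, the function names and the sample bytes are assumptions made for this illustration.

```python
import re
import zlib

# Name tokens for the features described above (an added, non-exhaustive list).
RISKY_NAMES = ("/JavaScript", "/JS", "/Launch", "/OpenAction", "/Encrypt", "/EmbeddedFile")
MAX_INFLATED = 10 * 1024 * 1024  # assumed per-stream cap in bytes; tune per environment

def decode_names(data: bytes) -> bytes:
    # PDF names may spell any character as #xx hex, so /J#61vaScript equals /JavaScript.
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def inflates_past_limit(stream: bytes, limit: int = MAX_INFLATED) -> bool:
    """True if a Flate stream expands beyond `limit` bytes (deflate bomb guard)."""
    try:
        # max_length stops inflation early, so a bomb never fills memory here.
        out = zlib.decompressobj().decompress(stream, limit + 1)
    except zlib.error:
        return False  # not zlib data (other filter, or encrypted): cannot judge
    return len(out) > limit

def triage_pdf(data: bytes, limit: int = MAX_INFLATED) -> dict:
    report = {
        "pdf_header": b"%PDF-" in data[:1024],  # some readers tolerate leading bytes
        "exe_magic": data[:2] == b"MZ" or data[:4] == b"\x7fELF",  # tip 5: disguised executable
    }
    names = decode_names(data)
    for name in RISKY_NAMES:
        # Require a delimiter after the name so /JS does not match /JSomething.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
        report[name] = len(re.findall(pattern, names))
    streams = re.findall(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S)
    report["oversized_streams"] = sum(inflates_past_limit(s, limit) for s in streams)
    return report

# Constructed sample, not a real document: a hex-escaped /JavaScript name, an
# /OpenAction, and one FlateDecode stream that inflates to 200,000 zero bytes.
SAMPLE = (
    b"%PDF-1.7\n1 0 obj\n<< /OpenAction << /S /J#61vaScript /JS (placeholder) >> >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"\0" * 200_000)
    + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for key, value in triage_pdf(SAMPLE, limit=100_000).items():
        print(f"{key}: {value}")
```

A keyword count only sees objects stored uncompressed and unencrypted, so a non-zero `/Encrypt` count means the remaining counts cannot be trusted and the file deserves closer inspection.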

Conclusion

The PDF file format is the obvious choice for sharing content, but not all PDFs can be trusted. Most novice users don’t have deep knowledge of the attacks that can be carried out using the PDF file format and may fall victim to such exploits. The ideal solution is to use Adobe Reader software for opening PDF files, as Adobe keeps updating its software to handle any such vulnerabilities found over time.