Can a .PDF contain malware?

As title really. I was always under the impression that it was not possible for a .PDF to contain any form of malware. However, doing a Google search suggests that a .PDF can contain dynamic elements such as JavaScript.

I am aware that Adobe seem to release a new version of Acrobat almost weekly but I would have assumed that they would make certain that no dynamic code can be executed without the user's express permission.


So, to elaborate "Can a .PDF file contain malware that can infect a system without the user's knowledge?"
 
Yes. I work with PDF as software engineer.
I've seen examples of PDF that run an executable.
I've seen examples of PDF that ramp your CPU to 100% when you open them.
"PDF" isn't really a thing, there are different versions of it.
PDF can be created or viewed with many different programs, with various standards, frequency of update, and incompatibility with each other.
 
> Yes. I work with PDF as software engineer.
> I've seen examples of PDF that run an executable.
> I've seen examples of PDF that ramp your CPU to 100% when you open them.
> "PDF" isn't really a thing, there are different versions of it.
> PDF can be created or viewed with many different programs, with various standards, frequency of update, and incompatibility with each other.
PDFs can contain scripts or dodgy URL links.
Many thanks for this both.

I believe that there are other programs that will allow (READ ONLY) access to .PDFs - are you aware of any that are safer to use than Adobe Acrobat DC?
 
The question is perhaps which is the most resilient pdf reader protecting against illicit content. - personally use PDF-Xchange or inbuilt in google,
suggest here that sandboxing in google may be a good attribute.
edit - I wouldn't use adobe itself ... bloated

you have to check someone has not hacked the pdf content too ...recent cases of bank details changed in pdf invoices
 
> Many thanks for this both.
>
> I believe that there are other programs that will allow (READ ONLY) access to .PDFs - are you aware of any that are safer to use than Adobe Acrobat DC?
Afaik adobe acrobat is the safest assuming updates are installed. I also think it's the only pdf app of sufficient quality for use in a business setting. I get tons of complaints about pdfs not looking right and it's always caused by some other pdf creator/reader.
 
> The question is perhaps which is the most resilient pdf reader protecting against illicit content. - personally use PDF-Xchange or inbuilt in google,
> suggest here that sandboxing in google may be a good attribute.
> edit - I wouldn't use adobe itself ... bloated
>
> you have to check someone has not hacked the pdf content too ...recent cases of bank details changed in pdf invoices

In that case though, shouldn't the end user be encrypting the PDF so that the contents cannot be changed. I've had various things payslips/invoices etc over the years that have been encrypted.
 
> In that case though, shouldn't the end user be encrypting the PDF so that the contents cannot be changed. I've had various things payslips/invoices etc over the years that have been encrypted.
with a PGP key? I like some of the self-encryption apps, where you ring someone up with the pswd, but, some folks' firewalls don't let them pass

> Afaik adobe acrobat is the safest assuming updates are installed
if you disable javascript?
if Google's telling the truth - don't like this either acrobat pro dc 2018
The concern here is that when we launch the shortcut we get the social account sign in option like Facebook and Google which should not be displayed. Request you to please check from your end, is there any way to disable the social options when license information is not part of the package?? Your assistance will be very helpful in getting this resolved.
 
> SumatraPDF because it simply doesn't support many of the advanced features, making it safer.
I take your point about reduced (probably unwanted) features :
A download of Adobe Acrobat Reader DC Version 2019.010.20069 runs to 156 MB
SumatraPDF Version 3.1.2 comes in at just 4.63 MB!
The latter sounds good to me :)
 
Would it not be fair to say anything on a pc can have something malicious attached to it? Isn't one of the main ways of hitting people with rat infections to make the infected file and then attach any legitimate file on top of it followed by encrypting it?
 
> Would it not be fair to say anything on a pc can have something malicious attached to it? Isn't one of the main ways of hitting people with rat infections to make the infected file and then attach any legitimate file on top of it followed by encrypting it?
I think that this may be a bit "sweeping". I dare say that it is possible (in theory) to do this but you would still have to persuade the "victim" to open / run the infected file.

What I was more interested in was whether a .PDF could contain (or hide) malicious executable code - it appears that it can - the follow-on question was how one can avoid this.

There are many .PDF documents available from seemingly reputable sources on the Web - for example the User Manual for a Motherboard / Graphics card / washing machine / home thermostat / whatever.
 
> I think, if you wish, you can embed a virus in any file format. In addition, the virus can be renamed to any format. By mistake it can be run. Now I check all the files downloaded from the Internet.
How exactly do you execute this check of "all the files downloaded from the Internet"?

Renaming is another issue; surely Windows file associations will determine how a file is handled - in the case of a .PDF, typically by Adobe Acrobat (although I am now experimenting with Sumatra).

Surely this is the point of anti-virus software?
 
I've seen plenty of people happily double click document.pdf.exe (with a pdf file icon) - one of the reasons I don't hide file type extensions.

Any document potentially can be malicious if the software opening it has something which can be exploited such as buffer overruns from loaded data.
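
Added example, not written by anyone in this thread: a static check in Python for the things raised above (script, auto-run and launch actions, attachments, links, and the document.pdf.exe double extension), run on a downloaded file before it is opened. The function names, the keyword list and the sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name keys tied to behaviours raised in the thread (list chosen for this example).
RISKY_NAMES = {
    "/JavaScript": "embedded script",
    "/JS": "embedded script",
    "/OpenAction": "action run when the document opens",
    "/AA": "additional automatic actions",
    "/Launch": "starts an external program",
    "/EmbeddedFile": "attached file",
    "/URI": "link to an external URL",
}
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs")
# A PDF name is "/" followed by characters that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/[^\x00\s()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalise_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is counted as /JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage(filename: str, data: bytes) -> dict:
    """Static check only: nothing is rendered or executed.

    Names inside compressed object streams are not visible to this scan,
    so an empty result does not prove the file is harmless.
    """
    lower = filename.lower()
    report = {
        # Some readers accept the header anywhere in the first 1024 bytes.
        "is_pdf": b"%PDF-" in data[:1024],
        # document.pdf.exe: looks like a PDF by name, runs as a program.
        "double_extension": ".pdf." in lower and lower.endswith(EXECUTABLE_EXTS),
        "names": {},
    }
    for raw in NAME_RE.findall(data):
        name = normalise_name(raw)
        if name in RISKY_NAMES:
            report["names"][name] = report["names"].get(name, 0) + 1
    return report


# Constructed sample bytes, not a real document.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n"
    b"3 0 obj << /S /URI /URI (http://example.invalid/) >> endobj\n"
)
```

Calling `triage("manual.pdf", SAMPLE)` reports the open action, the hex-escaped script name and the link; `/URI` is counted twice because it appears both as the action type and as the key holding the address.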
 