Can a .PDF contain malware?

Capodecina
As title really. I was always under the impression that it was not possible for a .PDF to contain any form of malware. However, doing a Google search suggests that a .PDF can contain dynamic elements such as JavaScript.

I am aware that Adobe seem to release a new version of Acrobat almost weekly but I would have assumed that they would make certain that no dynamic code can be executed without the user's express permission.


So, to elaborate "Can a .PDF file contain malware that can infect a system without the user's knowledge?"
 
Yes. I work with PDF as a software engineer.
I've seen examples of PDF that run an executable.
I've seen examples of PDF that ramp your CPU to 100% when you open them.
"PDF" isn't really a thing, there are different versions of it.
PDF can be created or viewed with many different programs, with various standards, frequency of update, and incompatibility with each other.
PDFs can contain scripts or dodgy URL links.
Many thanks for this both.

I believe that there are other programs that will allow (READ ONLY) access to .PDFs - are you aware of any that are safer to use than Adobe Acrobat DC?
 
SumatraPDF because it simply doesn't support many of the advanced features, making it safer.
I take your point about reduced (probably unwanted) features:
A download of Adobe Acrobat Reader DC Version 2019.010.20069 runs to 156 MB
SumatraPDF Version 3.1.2 comes in at just 4.63 MB!
The latter sounds good to me :)
 
Would it not be fair to say anything on a PC can have something malicious attached to it? Isn't one of the main ways of hitting people with RAT infections to make the infected file and then attach any legitimate file on top of it followed by encrypting it?
I think that this may be a bit "sweeping". I dare say that it is possible (in theory) to do this but you would still have to persuade the "victim" to open / run the infected file.

What I was more interested in was whether a .PDF could contain (or hide) malicious executable code - it appears that it can - the follow-on question was how one can avoid this.

There are many .PDF documents available from seemingly reputable sources on the Web - for example the User Manual for a Motherboard / Graphics card / washing machine / home thermostat / whatever.
 
I think, if you wish, you can embed a virus in any file format. In addition, the virus can be renamed to any format. By mistake it can be run. Now I check all the files downloaded from the Internet.
How exactly do you execute this check of "all the files downloaded from the Internet"?

Renaming is another issue; surely Windows file associations will determine how a file is handled - in the case of a .PDF, typically by Adobe Acrobat (although I am now experimenting with Sumatra).

Surely this is the point of anti-virus software?
 