PDFs Are Safe, Right? Not Anymore


There’s something about PDF files that makes users think they’re safe to open. And that’s exactly why they’ve become one of the preferred malware delivery vehicles for hackers.

That’s the warning from Appligent Software CEO Duff Johnson, one of the experts on the file format and document management.

The worst thing is that most users and IT staff treat PDF files as somehow different from other files. Although they’re the most commonly used format for archiving and file sharing, PDF files can carry malware just as damaging as that found in the most pernicious spam or corrupt Office file.

This didn’t use to be the case, notes Johnson, but over the last few years, hackers have turned their attention to this widely used and seemingly safe format. He links to an IBM Threat Report that documents this growing problem.

According to some research, PDFs represent the biggest malware threat companies face right now. For example, a report by security firm ScanSafe found that in the fourth quarter of 2009, 80% of all exploits targeted flaws in Adobe’s PDF software. At the time, those flaws were getting a lot of attention, leading hackers to put more effort into exploiting them.

And earlier this year, we reported on another attack that didn’t make use of a security bug, but rather exploited PDF documents’ ability to run embedded executable files.

PDF attacks usually occur when users are tricked into opening a file, often one that uses embedded JavaScript or Flash content that interacts with a remote server.

Key steps for companies:

  1. IT departments have to get up to speed on the latest PDF threats, just as they keep current on e-mail threats.
  2. End users should learn to treat PDF files the same as any file — don’t open it if you are unsure of its origin.
  3. Update PostScript viewing software (generally Adobe Viewer) as soon as updates are released. Adobe is constantly working on responding to the latest threats.
  4. Consider using alternative PDF viewers that are less common than Adobe, and therefore may be less susceptible to attacks.
  5. You may want to consider disabling Flash and JavaScript in your PDF readers. At least one major company surveyed said that they only permit JavaScript as an exception.
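
For IT staff who want to see which files would be affected by a "no JavaScript, no Flash" policy, the following is an added example (not from the original article or from any vendor) of a triage check that counts the PDF name objects behind the features described above: embedded JavaScript, Flash content, embedded files and launch actions. The watch list, function names and sample bytes are assumptions made for illustration, and the check reads raw bytes only, so anything inside compressed streams is not inspected.

```python
import re
from collections import Counter

# Name objects tied to the features the article lists (constructed watch list).
WATCH = {
    "JS": "embedded JavaScript",
    "JavaScript": "embedded JavaScript",
    "RichMedia": "embedded Flash / rich media",
    "Launch": "launch action (can start a file or program)",
    "EmbeddedFile": "embedded file attachment",
    "OpenAction": "action that runs when the document opens",
    "AA": "additional automatic actions",
    "ObjStm": "object stream (contents not inspected here)",
}

# A PDF name is '/' plus regular characters; '#xx' inside it is a hex escape.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is counted as /JavaScript."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Return {name: count} for watched names found in raw PDF bytes.

    Names inside strings or streams are counted too, so a hit means
    "look closer", not "malicious".
    """
    # Readers tolerate some leading bytes before the header.
    if b"%PDF-" not in data[:1024]:
        raise ValueError("not a PDF: missing %PDF- header")
    counts = Counter(decode_name(m.group(1)) for m in NAME_RE.finditer(data))
    return {name: counts[name] for name in WATCH if counts[name]}

# Constructed sample: a catalog with an open action pointing at a script object.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for name, count in triage_pdf(SAMPLE).items():
        print(f"/{name} x{count}: {WATCH[name]}")
```

A file with no hits can still carry active content inside object streams, which is why `/ObjStm` is reported rather than ignored.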