The Portable Document Format (PDF) was originally created by Adobe, and PDF files are generally opened and read using Adobe Reader—a free reader that allows users to view documents created with the Adobe Acrobat program. Other companies or groups have developed free alternative programs that can be used instead of Adobe Reader and Acrobat. Examples include Sumatra PDF, Foxit Reader and Nuance PDF Reader.
A PDF viewer is installed on many computers, both at home and at work. New PCs usually ship with a PDF reader installed, and web content creators use the PDF file format to publish reports, product specifications, forms for customers or subscribers to read, and some application help files. As a result, PDF has become a popular file format, and malware creators have taken advantage of that popularity by spreading PDF viruses. Researchers have found vulnerabilities in PDF viewers, and if an exploit is discovered or released, it can be used by criminals or malware creators to infect computers or cause damage and annoyance to users.
Examples of PDF Viruses and Their Threats
Most viruses or malware that use PDF files are spread via email, while others are delivered through compromised websites that infect visiting computers.
Antivirus vendors have published their discoveries and added detection capabilities to handle PDF virus threats. Below are some of the reports.
- Troj/PDFEx-DF – A malicious PDF file that takes advantage of a vulnerability in Adobe Reader: the ability of Adobe Reader to open a PDF file that is created to launch non-PDF file attachments with external applications.
Adobe Reader is not the only PDF reader that is affected. Foxit Reader and Nuance PDF Reader are also vulnerable to PDF viruses. Sumatra PDF is reported to be unaffected by the recent launch vulnerability found in Adobe Reader and Foxit Reader, but Sumatra PDF is not completely free from vulnerabilities. When a program has a vulnerability and exploit code is released, it can cause damage or be used to attack end-users of the PDF reader.
I personally allow spam into my personal mailboxes because I like to research the new threats that spread via e-mail. Since 2007, I have followed how spammers distributed malicious PDF viruses as attachments and you’ll see my blog about it here and here. I’m glad Windows Secrets subscribers (see cache by Google of the newsletter last November 2007 here) were also informed about this problem to help protect their computers by avoiding unsolicited emails with PDF malware.
How to Protect Your Computer and Data from PDF Viruses
First, if you do not need a PDF program to read or view PDF files, remove it from your computer. Check Add/Remove Programs to see if the vendor of your new PC has installed Adobe Reader or any other PDF reader application.
For users who need a PDF reader, follow the guide below to help secure your computer against threats of PDF viruses.
- Install the current version of the PDF reader program. Using the latest version of the PDF reader, with its security and bug fixes, will help protect against PDF viruses or other attacks that use known security flaws.
- Install the important updates for Windows and all other software, in general.
- Disable the PDF plug-in for your web browser. You can use the add-on manager in the browser to disable any PDF plug-ins or configure the PDF program to not display PDFs in the browser. If you have the PDF reader by Adobe, open the preferences, select “Internet” in the right pane, and uncheck the option to display PDF in browser.
- Only download PDF files from trusted sources. Take advantage of Enhanced Security settings in Adobe Reader – if your organization often receives PDF files from another company, use the Enhanced Security settings in Adobe Reader by adding the trusted host name or path.
- Do not open PDF file attachments if you are not expecting one, or ensure that your antivirus program will scan web content and e-mails for malware or viruses.
- Configure your PDF reader to not launch non-PDF file attachments with external applications. If you are using Adobe Reader, open the preferences and click “Trust Manager” in the list of categories. Uncheck the box before “Allow opening of non-PDF file attachments with external applications”.
- Disable any startup entry of PDF reader programs. This will also help to reduce boot time in Windows, in addition to protecting your computer from future attacks on components of Adobe Reader or other PDF viewers.
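
The advice above about unexpected attachments and about PDFs that launch non-PDF attachments with external applications can be backed by a quick check before a file is opened. The following Python sketch is an added example, not part of the original article or any vendor's tool: it counts PDF name tokens associated with those behaviours, including names hidden with #xx escapes. The function names, the token list and both sample byte strings are assumptions constructed for illustration.

```python
import re

# Name tokens tied to the behaviours described above: starting an external
# program, carrying non-PDF attachments, and acting automatically on open.
RISKY_NAMES = ("Launch", "EmbeddedFile", "OpenAction", "JavaScript", "JS")

# A PDF name is "/" followed by characters that are not whitespace/delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed samples (object fragments only, not complete or real files).
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SUSPECT = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
           b"3 0 obj\n<< /Type /Action /S /L#61unch >>\nendobj\n")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, which PDF syntax allows inside names and which can
    hide a token such as /L#61unch from a plain string search."""
    decoded = HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky name tokens in the raw bytes of a PDF file.
    Limitation: tokens inside compressed streams are not seen, and binary
    stream data can match by chance, so treat this as triage only."""
    counts = {name: 0 for name in RISKY_NAMES}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def should_quarantine(data: bytes) -> bool:
    """Flag files that can start an external program or carry attachments."""
    counts = triage_pdf(data)
    return counts["Launch"] > 0 or counts["EmbeddedFile"] > 0


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, triage_pdf(sample), "quarantine:", should_quarantine(sample))
```

A flagged file is not proof of malware, since legitimate PDFs also carry attachments; it is a reason to scan the file with antivirus software before opening it in a reader.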