PDF Virus Threats: Tips on How to Avoid Them and Protect Yourself


The Portable Document Format (PDF) was originally created by Adobe, and PDF files are generally opened and read using Adobe Reader—a free reader that allows users to view documents created with the Adobe Acrobat program. Other companies or groups have developed free alternative programs that can be used instead of Adobe Reader and Acrobat. Examples include Sumatra PDF, Foxit Reader and Nuance PDF Reader.

People can create a PDF file with text and images, or they can take advantage of certain features to add JavaScript code. A PDF plug-in is often added to web browsers so that a PDF file can be viewed without first saving it to another location. If that feature is enabled, a PDF file embedded in a web page is opened automatically by the browser.

A PDF viewer is installed on many computers (at home and at work). New PCs have a PDF reader installed, and web content creators are using the PDF file format to publish reports, product specifications, forms for customers or subscribers to read, and some application help files. As a result, this has become a popular file format that even malware creators have taken advantage of by spreading PDF viruses. Researchers have found vulnerabilities in PDF viewers and if an exploit is discovered or released, it can be used by criminals or malware creators to infect computers or cause damage and annoyance to users.

Examples of PDF Viruses and Their Threats

Most viruses or malware using PDF files are spread via email, while others will compromise a website to infect computers.

Antivirus vendors have published their discoveries and added detection capabilities to handle PDF virus threats. Below are some of the reports.

  • Troj/PDFEx-DF – A malicious PDF file that takes advantage of a vulnerability in Adobe Reader: the ability of Adobe Reader to open a PDF file that is created to launch non-PDF file attachments with external applications.

  • A compromised website is used by distributors of rogue or fake antivirus programs to infect visitors of the website by using malicious JavaScript. The applet and JavaScript will then check if a PDF reader plug-in exists in the browser that will allow its malicious PDF file to load.

Adobe Reader is not the only PDF reader affected. Foxit Reader and Nuance PDF Reader are also vulnerable to PDF viruses. Sumatra PDF is reported not to be affected by the recent launch vulnerability found in Adobe Reader and Foxit Reader, but Sumatra PDF is not completely free from vulnerabilities. When a program has a vulnerability and exploit code is released, that code can cause damage or can be used to attack end-users of the PDF reader.

I personally allow spam into my personal mailboxes because I like to research the new threats that spread via e-mail. Since 2007, I have followed how spammers distributed malicious PDF viruses as attachments and you’ll see my blog about it here and here. I’m glad Windows Secrets subscribers (see cache by Google of the newsletter last November 2007 here) were also informed about this problem to help protect their computers by avoiding unsolicited emails with PDF malware.

How to Protect Your Computer and Data from PDF Viruses

First, if you do not need a PDF program to read or view PDF files, remove it from your computer. Check Add/Remove Programs to see whether the vendor of your new PC has installed Adobe Reader or any other PDF reader application.

For users who need a PDF reader, follow the guide below to help secure your computer against threats of PDF viruses.

  • Install the current version of the PDF reader program. Using the latest version of the PDF reader with security and bug fixes will help protect from PDF viruses or other attacks using known security flaws.

  • Install the important updates for Windows and all other software, in general.

  • Disable the PDF plug-in for your web browser. You can use the add-on manager in the browser to disable any PDF plug-ins or configure the PDF program to not display PDFs in the browser. If you have the PDF reader by Adobe, open the preferences, select “Internet” in the right-pane, and uncheck the option to display PDF in browser.

    Option to display PDF in a browser

  • Only download PDF files from trusted sources. Take advantage of Enhanced Security settings in Adobe Reader – if your organization often receives PDF files from another company, use the Enhanced Security settings in Adobe Reader by adding the trusted host name or path.

    Enhanced Settings option in Adobe Reader

  • Do not open PDF file attachments if you are not expecting one, or ensure that your antivirus program will scan web content and e-mails for malware or viruses.

  • Configure your PDF reader to not launch non-PDF file attachments with external applications. If you are using Adobe Reader, open the preferences and click “Trust Manager” in the list of categories. Uncheck the box before “Allow opening of non-PDF file attachments with external applications”.

    PDF File Attachments option in Adobe Reader

  • Disable any startup entry of PDF reader programs. This will also help to reduce the boot-time process in Windows in addition to protecting your computer from future attacks on components of Adobe Reader or other PDF viewers.

    Startup Entries of Adobe Reader for Windows

  • Disable Acrobat JavaScript in Adobe Reader’s preferences to protect against future vulnerabilities that use this feature to execute malicious code. You will find this setting by selecting JavaScript in the right-pane of the preferences window.

    Acrobat JavaScript option in Adobe Reader