PDF is a convenient file format for sharing documents. It is widely used for personal as well as official communication. Its popularity makes it a target for malware attackers. Not every PDF is vulnerable or infected, but some PDFs can carry a virus or other hidden malware.
Being the most common email attachment, PDF is commonly targeted to breach computer networks. Advanced forms of PDF malware are not easily detectable by secure email gateways.
How are PDFs Infected?
PDF is a powerful document format that contains static elements (images and text), dynamic elements (forms) and embedded signatures. These elements are necessary to make a document visually appealing and consistent, but there is a darker side to them.
System Commands – A Launch action in a PDF can open a command window and execute commands to initiate malware. Most of these commands have now been disabled by Adobe, but they might still be available in other readers or earlier versions.
Hidden Objects – PDFs can contain embedded and encrypted objects, which prevents them from being analyzed by an antivirus scanner. These objects are executed when the file is opened by the user.
Multimedia Control – When we say a PDF can have embedded objects, the object could be QuickTime media or a Flash file. An attacker can exploit a vulnerability in the media player.
How to Check a PDF for a Virus?
If you receive a PDF from an untrusted source, it is recommended to scan the file before opening it. Email providers like Gmail have a built-in malware scanner for file attachments. They implement the technology of VirusTotal, so you can be assured.
Lastly, once you have the file downloaded on your computer, make sure you have real-time anti-malware protection. It will be your second layer of defense to detect unknown malware and protect you if something still goes wrong.
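As an added example (not part of the original article), the Python sketch below counts the PDF name tokens behind the features described under "How are PDFs Infected?", including names hidden with #xx hex escapes. The token list, the function names and the sample bytes are assumptions chosen for illustration; the sample is constructed and is not a working PDF.

```python
import re

# PDF name tokens tied to the features described above (assumed watch list).
RISKY_NAMES = {
    "Launch": "launch action (runs an external program)",
    "EmbeddedFile": "embedded file object",
    "Encrypt": "encrypted content",
    "RichMedia": "embedded Flash / rich media",
    "Movie": "embedded movie (e.g. QuickTime)",
    "OpenAction": "action triggered when the file is opened",
    "AA": "additional automatic actions",
    "JavaScript": "embedded JavaScript",
    "JS": "embedded JavaScript",
}

# A PDF name is '/' plus regular characters; '#xx' stands for one hex-escaped byte.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\x0c\r ()<>\[\]{}/%#])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so 'L#61unch' is seen as 'Launch'."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count risky names in raw PDF bytes and flag hex-obfuscated spellings."""
    findings = {}
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in RISKY_NAMES:
            entry = findings.setdefault(name, {"count": 0, "obfuscated": 0, "why": RISKY_NAMES[name]})
            entry["count"] += 1
            if b"#" in raw:  # a plain name never needs an escape
                entry["obfuscated"] += 1
    return findings

# Constructed sample: object fragments only, not a working PDF.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /L#61unch >> endobj\n"
    b"3 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n"
)

if __name__ == "__main__":
    for name, info in triage_pdf(SAMPLE).items():
        print(f"/{name}: {info['count']} hit(s), {info['obfuscated']} obfuscated, {info['why']}")
```

A hit is a reason to look closer rather than proof of malware, and names stored inside compressed streams are not visible to a raw-byte scan, so a clean result does not replace the antivirus scan described above.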
How to Protect Against a PDF Virus?
2. Do not allow the PDF reader to execute non-PDF files using an external application.
3. Disable the PDF reader in the Windows startup programs.
4. Keep macros disabled. Malicious files might persuade you to enable them, but you should not unless it is absolutely necessary.
5. Do not download or open a file attachment sent by an unknown email sender.
6. Ensure the Windows OS, the PDF reader program and the antivirus are up to date.
7. Back up regularly and keep the backups encrypted.
Whether a PDF carries a virus does not depend solely on the file extension. It also depends on the vulnerabilities in the software that will be parsing it. For example, if the PDF reader you are using contains a buffer overflow vulnerability, an attacker can construct a special PDF file to exploit that vulnerability.