Any form of digital document can be used to deliver malware to infect a recipient's computer, providing criminals with access to files and personal data. Whereas Microsoft Word and Excel files, and the macros and programming they can contain, were once the document types most commonly used for spreading these infestations, Adobe PDF documents have gained in popularity as means of attack because of their widespread use.
Along with links to sources of malware, PDF files can contain actual viruses or trojans embedded within otherwise legitimate code. When an unwary user double-clicks on the file to open it, a script unpacks the malware and installs it. These infestations can turn the infected PC into a bot enrolled within a network used in denial of service attacks on major websites or redirect personally identifiable information to crooks and thieves.
Adobe Systems issues frequent updates to its free Adobe Reader and paid Adobe Acrobat software packages to prevent loopholes and exploitable vulnerabilities from providing attack vectors for fraudsters. At the same time that you keep your Adobe software up to date, it's important to avoid trusting files from unknown sources and to subject all email attachments to skepticism. Along with vigilant common sense, your best line of defense against infected and bogus PDF files comes in the form of anti-malware and anti-virus software.
- Windows IT Pro: PDF Malware Mitigation
- Computer Forensics and Incident Response: How to Extract Flash Objects from Malicious PDF Files
- Threat Post: New Mac OS X Trojan Imuler Hides Inside Malicious PDF
- Trend Micro: Malicious .PDF File Abuses Launch Feature
- FireEye: Analysis of Malware Page
- Sophos: The Rise of Document-based Malware
- Ask Bob Rankin: Malicious PDF Files
- Committee to Protect Journalists: That Nobel Invite? Mr. Malware Sent It
- EWeek: PDF Malware Using New Tricks to Exploit Vulnerability
- SANS: PDF Malware Overview
- Justin Sullivan/Getty Images News/Getty Images