Just How Secure Are PDF Files?
November 2nd, 2009. Published under Scams. No Comments.
One of the great things about computers and the Internet is how easy it is to create document files and then share them between machines and users. There are several formats that you can use to create files, the two most popular being word documents and PDF files. Hacker Manipulation Over the past couple of years, however, hackers have found that they can manipulate these types of files. They are now able to hide exploits within these files that can compromise your computer. They also use the knowledge that since these files are so popular, they can disguise a harmful .exe file as a pdf file and people will not question whether it is safe or not. We will hopefully show you that for the most part PDF’s are safe but you still need to be careful with them. These types of files have turned into another attack vector for hackers. In the last 12 months Adobe has released patch after patch trying to protect new vulnerabilities found in pdf files. Buffer Overflow There was the vulnerability that was found that let hackers send an attack to your computer through the use of a buffer overflow created when the PDF file was opened. There was also an attack found a month after that that if you were looking at a PDF file in windows explorer, that was all that was needed for it to attack your computer. You didn’t even have to click on it to activate the attack. This is why you have to be careful with opening all types of files on your computer. Most people, even tech savvy people, have never heard that a PDF can be exploited. So people will download them from strange sites and never ever bother to run an antivirus check on them to see if they are secured. Hackers are using your trustful nature against you in this case. Exploited .exe Files Since people are more trustful with opening a strange PDF file more than .exe file there is an older attack that will exploit the trust factor that I talked about above. This is an old trick of hiding your exploited .exe files as PDF files. They shape the name of the file so that it shows up with an PDF icon on the file. This is an easy attack to spot if you have “show file extensions” turned on in your operating system. Just go into your control panel and then go into the file manager. You will then see the option to turn this feature on. Also you can avoid being trapped by this attack by running a virus scan on the file. Any file that you get over the Internet you should run an antivirus scan on anyway, just to be on the safe side. So I have gone over how a PDF file can be dangerous to your system. Now that you know that there is a risk, hopefully you will not take any file lightly.
