PDF Reader As Possible Launch Platform for Malware

Remember the old days when we thought that Word documents were safe from viruses due to the assumption that they didn’t contain any piece of executable code? The sudden appearance of macro viruses proved us to be wrong back then.


The same thing could be happening right now for PDF files that can be read by Adobe Reader. Adobe Reader 7.0 has a functionality that allows the execution of JavaScript code present in a PDF file.


It is also possible for aplication to automatically open a website using the browser if there are links contained within the PDF document. A couple of specially-crafted PDF documents has proven this for us. It is no question that this extended functionality would eventually bring about PDF document borne malware that can access URLs and download possibly malicious files into the affected system. A possible drawback here (on the side of the attackers, that is) is that the application issues a prompt first whether the user wants to proceed accessing the website. However, by utilizing social engineering, a creative attacker or malware author can succeed despite that security measure.


Please take note that this is NOT a vulnerability in the said application. It is a functionality that is integrated within the application itself and can be disabled through user preferences in the Edit menu. By disabling javascript, execution of possible malicious code in the PDF document can be avoided. Although we have not yet seen any malware which is capable of using this method as of now, it’s better to be on guard always.