
SURbit



Two parts to this post -
First, a short explanation of what a PDF is and its convenience, and second, how safe they really are.


Portable Document Formats, or “PDFs,” are a convenient way to share and present documents for personal
and business use.


PDFs are an Adobe Systems development, and they have become a very useful and simple way to make sure
that the documents you need are accessible and usable no matter what system you may be operating with.


PDFs were first introduced by Adobe in 1993 and there have been many updated and advanced editions.
Adobe PDFs have grown and adapted to new innovations in technology, and your business can utilize PDFs
in a way that will streamline communications.


When it comes to the creation of Portable Document Formats, there are many software options.
Many systems have been updated to include a PDF-creation feature as well.
Microsoft Windows, WordPerfect and LibreOffice are just a few examples of systems that can create PDFs.


As PDFs have become more versatile and easy-to-use, the options for creating them and printing them
have expanded as well.
Raster image processors can image PDFs onto paper and other mediums in a process called rasterization.
Printing capabilities are also available among different systems, including those built into Linux and
Mac OS X.


At some point, you’re probably going to want to edit or annotate a PDF.
Perhaps you’re receiving a document that needs commentary and editing or there are alterations that
need to be made in order to pass the file on.


Editing a PDF is possible, as is annotating.
These functions can be enabled through additional special software.
Some examples of such software - Serif PagePlus, Inkscape, Poppler, FileCenter and Adobe Acrobat - all
allow editing and annotation of PDFs.
Adobe Acrobat is probably the most multipurpose and broadest of these, as it is the proprietary
product of Adobe itself.


PDFs can also be encrypted to protect sensitive information. If needed, you can set up
your PDF to require a password upon opening.
That way, only specific users can access and/or edit the information in the document.


Another key aspect of PDFs has to do with metadata, which is essentially data about your data.
It is information about the contents of the PDF.


PDFs have two types of metadata.


One is the Document Info Dictionary, which contains information such as author, creator, subject,
title, and other categorical info.


Second is the Extensible Metadata Platform, which allows data to be attached to any stream—images,
embedded illustrations—in the PDF.
This Extensible Metadata Platform is connected to the log at the end of the document.


PDFs can help streamline your communications because they reduce the number of middlemen,
i.e. the number of software systems that are needed as an intermediate step in order to open a PDF.


PDFs are convenient and easy to use for storing information: you're able to store text and
images in one simple container. So next time you see some information on the web you want to keep,
make a PDF of that webpage.


Also, the new editions adapt to advancements in document technology, document
portability and processing. I hope this makes you think again about the use of PDFs in your daily life.


(annotate = to supply with critical or explanatory notes, comment upon pdf as in notes.)


Further Reading -

PDF/UA: The ISO standard for universal accessibility
http://www.pdfa.org/wp-content/uploads/2013/08/PDFUA-in-a-Nutshell-PDFUA.pdf

PDF/A in a Nutshell 2.0 - PDF for long-term archiving - The ISO Standard – from PDF/A-1 to PDF/A-3
http://www.pdfa.org/wp-content/uploads/2013/04/PDFA_in_a_Nutshell_21.pdf

----------------------------------------------------------------------------------------

Are PDFs Safe, or Can a PDF be DANGEROUS or Contain Malicious Infections?

 

If you ever see one with a double extension like .pdf.exe you can bet that it's a Nasty just waiting to be free.

 

Viruses were first found to be a potential vulnerability in PDFs in 2001.
While viruses aren’t exactly breaking news for most internet users who have experienced a virus here
or there at some point (this PDF one happens to be called OUTLOOK.PDFWorm or OUTLOOK.PDFPeachy),
they are something to look out for when opening or attempting to open a PDF.


Your first and best defense is user education and self-discipline.
Never open anything that you are not expecting or where you don't recognise the sender.
Use software that puts up a barrier, like Sandboxie or Shadow Defender, to protect your system.


It is very possible for a computer to get infected via a malicious PDF.
In addition to using anti-spam and anti-virus software, it's wise to use the latest version of Adobe Reader
(or an alternative PDF reader of your choice), and to always keep it updated.
As malicious PDFs are also commonly distributed via drive-by downloads and web-based social engineering attacks,
using a good web filtering and scanning solution at the endpoint and/or gateway is also important.


PDF files are not supposed to be executable.
However, Adobe has added waaaaay too many "features" to Adobe Reader, including adding JavaScript.
There have been a huge number of serious vulnerabilities found in Adobe Reader.


http://secunia.com/advisories/product/42778/?task=advisories - Adobe XI (11)
http://secunia.com/advisories/product/33102/?task=advisories - Adobe X (10)
http://secunia.com/advisories/product/19237/?task=advisories - Adobe 9


Adobe Reader is really a huge security risk, and it's important to keep it patched.
There are also things you can do in the Adobe settings to reduce risk.
Fortunately, Firefox has its own sandboxed PDF viewer now, which I think is a good security enhancement.


VirusTotal has the following information that you may want to consider before opening one.
(Doing a scan on one - the detection yielded NO objects as malicious, but under File Details
the following was seen.) Detection ratio: 0 / 55


PDFiD information:
This PDF file contains 1 JavaScript block.
Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays.
Please note you can also find JavaScript in PDFs without malicious intent.


This PDF file contains an open action to be performed when the document is viewed.
Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.


The combination of automatic actions and JavaScript makes this PDF document suspicious.


This PDF document contains 8 object streams.
A stream object is just a sequence of bytes and very often is only used to store images and page descriptions, however,
since it is not limited in length many attackers use these artifacts in conjunction with filters to obfuscate other objects.


This PDF document has 1540 object start declarations and 1540 object end declarations.
This PDF document has 1244 stream object start declarations and 1244 stream object end declarations.
This PDF document has a pointer to the cross reference table (startxref).


The fact that a PDF reader can execute JavaScript means that upon clicking on the PDF and opening it, the JavaScript will run,
and it can contain malicious code.
The double extension trick is really very old, and it should be standard practice to delete such files and to go to File
Explorer | Organize | Folders and search options | "View" tab | un-check "Hide extensions for known file types."
Creating a Group Policy preference that enables showing extensions can help a lot; a software restriction policy
disallowing *.pdf.exe (as well as other common extensions, such as .doc) will stop it regardless of the view settings.
This will help if you share your system with other users.


PDFs can contain a "virus" but in my experience they generally contain exploits.
The exploit is either targeting Adobe Reader/Pro or Java.
Once the exploit has run on the vulnerable system, the dropper will then start downloading the real nasty stuff, which dials
back home to the C&C and attempts to obtain the coveted SYSTEM privilege level if the original exploit did not.
Keeping software patched and current, as well as disabling JavaScript within Adobe PDFs, is a good start.


I believe CryptoLocker can come like that too, but not directly as a virus PDF, as I'll explain.
There could be a virus made to look like a PDF fairly simply.
It would show as something like product-data.pdf, and have the Adobe icon.
The icon could be based on properties, or the .pdf as usual. However, this "PDF" is not really a PDF, but an EXE.
It takes advantage of a default setting in the Windows OS: the file is actually, say, Product-data.pdf.exe.
Because Windows generally hides extensions for known file types by default, the EXE won't show.
The user clicks it thinking it's a PDF, but it's actually an EXE that executes, and you're infected.

 

Cat Hates Dog Food_.pdf
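
The checks described in the post (double extension, whether the content is really a PDF or an EXE, and the PDFiD-style keyword counts where JavaScript plus an automatic action is the suspicious combination) can be sketched as one triage function. This is an added example, not part of the original post and not PDFiD's or VirusTotal's code; the function name `triage`, the extension lists and the sample bytes are assumptions constructed for illustration.

```python
import re

DOC_EXTS = {"pdf", "doc", "docx", "xls", "txt", "jpg"}   # assumed decoy list
EXE_EXTS = {"exe", "scr", "com", "bat", "pif"}           # assumed executable list
NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/ObjStm")

def _unescape_names(data: bytes) -> bytes:
    # PDF names may hex-escape characters: /J#61vaScript is /JavaScript.
    # Applied to the whole file, which is acceptable for keyword counting only.
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def triage(filename: str, data: bytes) -> dict:
    parts = filename.lower().strip().split(".")
    double_ext = (len(parts) >= 3 and parts[-1] in EXE_EXTS
                  and parts[-2] in DOC_EXTS)
    norm = _unescape_names(data)
    counts = {}
    for name in NAMES:
        # Require a non-alphanumeric after the name so /JS does not match /JSfoo.
        pattern = re.escape(name) + rb"(?![A-Za-z0-9])"
        counts[name.decode()] = len(re.findall(pattern, norm))
    counts["obj"] = len(re.findall(rb"\b\d+\s+\d+\s+obj\b", norm))
    counts["endobj"] = len(re.findall(rb"\bendobj\b", norm))
    counts["startxref"] = norm.count(b"startxref")
    has_js = counts["/JavaScript"] + counts["/JS"] > 0
    auto_action = counts["/OpenAction"] + counts["/AA"] > 0
    return {
        "double_extension": double_ext,
        "is_pdf": b"%PDF-" in data[:1024],      # PDF header near file start
        "is_windows_exe": data[:2] == b"MZ",    # DOS/PE executable magic
        "counts": counts,
        # Same rule as the report quoted above: JavaScript + automatic action.
        "suspicious": double_ext or (has_js and auto_action),
    }

# Constructed sample: a tiny PDF skeleton with an open action and an
# obfuscated /JavaScript name; the script body is a harmless placeholder.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (placeholder script) >>\nendobj\n"
    b"startxref\n0\n%%EOF\n")
# Constructed sample: bytes that start with the EXE magic, named like a PDF.
FAKE_PDF = b"MZ\x90\x00" + b"\x00" * 16

if __name__ == "__main__":
    print(triage("report.pdf", SAMPLE_PDF))
    print(triage("Product-data.pdf.exe", FAKE_PDF))
```

Keywords inside compressed object streams are not visible to a raw byte scan like this, which is why a non-zero `/ObjStm` count is worth reporting alongside the others.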
