Solved

Embed Malicious code within a PDF document

Posted on 2006-07-04
Last Modified: 2008-03-17
Hello,

I work for a security company that currently works with a lot of PDF documents. I have heard that it is possible to embed malicious code within a PDF document. I really would like more information on this topic and a sample PDF document that launches some type of reverse shell or command prompt. If you could possibly tell me about a program that you could edit PDF code through and tell me how it works or show me where to find a sample document to download, that would be great. I would like a sample so I can attempt to send it through our systems and see if our systems will block the file.

Thanks!
Question by:neilsav
9 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 168 total points
ID: 17038143
0
 
LVL 38

Expert Comment

by:lherrou
ID: 17038301
neilsav,

To the best of my knowledge, there's been very little in the way of PDF exploits found in the wild (maybe Peachy?). There are a number of "proof-of-concepts" out there, which can be found and tested. In general, as Acrobat and the PDF format become more advanced, with greater capabilities (such as JavaScript and embedded executables), there comes a greater range of hazards (from VBS and JS to buffer overflows in the browser plugin). Traditionally, PDF files were not well-scrutinized by anti-virus programs. One way to assist in the detection process is to run a virus scanner which scans any files run or executed (as opposed to scanning files only when received or as stored).

LHerrou
0
 
LVL 1

Author Comment

by:neilsav
ID: 17038513
I know that there are tools that do insert code... To prevent this type of activity we block PDF code that includes action launch, action javascript, etc.

Thanks for the above comments but they do not fulfill my request.
0
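The kind of gateway check described in the comment above (blocking PDFs that contain launch or JavaScript actions), as an added example that is not part of the original thread or of any product's code: it scans raw PDF bytes for the relevant name keys and decodes `#xx` hex escapes so an escaped spelling of a name is still matched. The key list, function names and sample fragments are constructed for illustration.

```python
import re

# PDF name keys that a gateway filter of the kind described above would flag
# (list chosen for this example).
RISKY_NAMES = {
    "Launch": "launch action (starts an external program)",
    "JavaScript": "JavaScript action",
    "JS": "JavaScript source entry",
    "OpenAction": "action run when the document opens",
    "AA": "additional (event-triggered) actions",
    "EmbeddedFile": "embedded file stream",
}

# A PDF name is "/" followed by regular characters; whitespace and delimiters end it.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, so /J#61vaScript compares equal to /JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Return {name: count} for risky names found in the raw PDF bytes."""
    hits = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in RISKY_NAMES:
            hits[name] = hits.get(name, 0) + 1
    return hits


def should_block(data: bytes) -> bool:
    """Policy from the comment above: block on launch or JavaScript actions."""
    return bool({"Launch", "JavaScript", "JS"} & set(scan_pdf(data)))


# Constructed samples: object fragments only, carrying a harmless alert string.
PLAIN = b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj"
SCRIPTED = (b"1 0 obj << /Type /Catalog /OpenAction "
            b"<< /S /JavaScript /JS (app.alert('test');) >> >> endobj")
ESCAPED = b"5 0 obj << /S /J#61vaScript /J#53 (app.alert('test');) >> endobj"
```

A raw byte scan like this does not see names stored inside compressed streams, and it can count a name that only appears inside string or stream data, so it works as a first-pass triage check rather than a full parser.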
 
LVL 38

Assisted Solution

by:lherrou
lherrou earned 166 total points
ID: 17039410
Well, as Tolomir points out, we are not going to be able to lead you to something that may be used maliciously.

Your best bet would be to get the Adobe Software Development Kit (SDK) at: http://partners.adobe.com/public/developer/acrobat/sdk/index.html.
0
 
LVL 44

Assisted Solution

by:Karl Heinz Kremer
Karl Heinz Kremer earned 166 total points
ID: 17041695
You have to look at two different scenarios: Embedding code in a PDF file (that means via JavaScript) and exploiting a vulnerability in Acrobat or Reader.

You can take a look at the JavaScript Reference Guide to verify that Adobe designed the JS interface with security in mind (to such an extent that people are asking Adobe to not do certain things, e.g. putting up a warning label on every dialog that gets created via JavaScript). There is nothing in Acrobat's implementation of JavaScript that could be used to harm your system. Of course it depends on what your definition of malicious code is... You could probably create a form that you use for phishing. But IMHO that's not a problem with Acrobat or PDF.

The second scenario is impossible to quantify because we don't know what type of potential problems are in Acrobat or Reader. That's not different than running any other application and has nothing to do with PDF. I would be (actually, I am) much more concerned with MS Office documents than with PDF files. I work a lot with PDF and I have yet to see one file that is carrying malicious code in it, but I have seen lots of Word documents with macro viruses.

Again, verify for yourself that PDF files are safe by reviewing the Adobe API documentation: http://partners.adobe.com/public/developer/pdf/topic_js.html
0
