• Posted Dec. 23, 2014, 12:47 p.m. - 7 years, 9 months ago

Common Malware Threats within PDF Documents

Mal – Malicious. Ware – Software. MalWare

Malware has been around almost as long as the internet has, and there will always be hackers waiting for an opportunity to arise and to be taken advantage of. Every file type out there is far game, and it is important that web developers and users alike take comprehensive precautions to prevent against and stop malware entering their computers and websites, and tackle anything that does – quickly!

2014 has been a busy year on the malware front for PDF documents, the majority of which have been attacks on Javascript within PDF files (94%, according to MalwareTracker). This is not unexpected, as Javascript is the most popular coding language for PDF files due to the support it offers for rich content types typically found within PDF documents. One of the biggest malware threats to PDFs in 2014 has been CVE-2014-0496 which has been classed as a severe threat, allowing for the unauthorised disclosure of information, modification and disruption of service to PDF users.

Execution of Malware

Malware can only be executed from within a file onto a computer once the file is opened by the user, which is why it is so important that comprehensive antivirus and anti-malware systems are in place, as these threats are typically subtly hidden within coding as exe files and not obvious to the user of the file. Once launched, the malware is then executed onto the host device, and left unchecked can steal passwords, disrupt the system, access a user’s other documents and even prevent online access – in some critical cases, malware can even cause a system to shut down completely.

Removal and Prevention of Malware

There are many programs that have been designed specifically to prevent malware from operating and to identify threats before they can be opened, including Norton, AVG and Kaspersky. Users should also always operate with caution, and refuse to open documents from unknown senders, or links to documents sent within emails or private messages.
If you think your computer or device has been infected, it would be wise to change all passwords as a temporary measure, then install a comprehensive malware tracking program to identify and remove the malicious files. Do not take files off with a memory stick and transport elsewhere until clean, as this could just spread the problem further afield!

Image credit: http://commons.wikimedia.org/wiki/File:Malware.png