How *not* to get infected by a PDF attachment virus
Engage brain, let Acrobat 5 scrub the harmful add-ons away

14 August 2001

Depending which report(s) you may have read recently about the so-called "Peachy" virus that demonstrated PDFs can be carriers of viruses -- but only in attachments -- you might have concluded that there was reason for panic, or merely reason to be slightly more alert.

One published news report concluded:

"Although experts say that Peachy hasn't caused any damage, and isn't expected to, the virus has raised concerns about PDF, which in the past has been considered to be a very secure file format due to its use of encryption."

No indication which 'experts' they interviewed.

A more realistic report concluded:

"... the Peachy virus raises the issue that PDF files -- widely used to display documents within Web browsers and e-mail -- could become a new channel for spreading viruses."

FACT: Yes, they could -- and probably will.

FACT 2: You will only become infected by a virus contained in a PDF attachment if you first ignore warning signs from Acrobat, and are careless about opening unexpected file attachments. The same holds true, by the way, for unknown files distributed by any means.

We opted for a true expert opinion from a widely recognized PDF Guru, Aandi Inston of Quite Software. In his usual frank but knowledgeable way, Aandi made his opinion clear during an online discussion that the mild hysteria about PDFs suddenly spreading viruses randomly and rapidly against defenseless users is nonsense.

"No VBScript is needed. Just an idiot at the controls."

"You get a PDF file, and click. Acrobat asks you if you want to run a program. If you say yes, Acrobat does so. In this sense, Acrobat can carry viruses just like a Web browser and just like an e-mail program."

"The 'payload' doesn't have to be a virus. Remember that every unidentified attachment, every link on the web, every embedded PDF file could be a 2-line program that just removes every file on your hard disk."

Kathi Rauth, Senior Product Manager for Security and Digital Signatures at Adobe Systems, concurs -- but takes a more diplomatic approach (in part not having dealt with the same amount of online discussion 'nonsense' as Aandi over his many years!): "There are a number of ways that Acrobat users can protect themselves," she says, noting that "this is not a new problem -- just a new format for an old problem."

Rauth is quick to underscore that viruses can only be borne by attachments, not PDF files themselves. "PDF shall remain a secure format."

Additionally, she says, Adobe recently announced a relationship with McAfee to develop additional tools for detecting and removing viruses contained within PDF files. McAfee has released a software update (.DAT 4154) that can detect the Peachy virus, Rauth says.

There's a growing suspicion that the timing of the release of the "proof-of-concept" virus suggests it was created as a protest of Adobe's involvement in the FBI's arrest of Dmitry Sklyarov, a Russian software programmer. The Web site of the virus author adds to that speculation, indicating interest if not involvement in similar activism efforts.

According to one skeptic: "The hacker community is trying to damage Adobe's reputation, knowing that a virus scare will do damage in today's climate, whatever the facts."

Warning Signs and Protection Techniques

Among the ways Acrobat 5 users can protect themselves are the following:

Heed warning dialog boxes if you're not sure of the file's source.

Acrobat 5 uses dialog box warnings to alert users to possible viruses


Use Acrobat 5's PDF Consultant feature to analyze documents and remove attachments.
PDF Consultant can detect and remove attachments


To detect and remove unwanted elements:

  1. Choose Tools > PDF Consultant > Detect and Remove.

  2. Select the items you want to detect or remove. Selecting All Comments will cause File Attachments Only and Multimedia to be selected as well.

  3. Do one of the following:

    • Click Analyze to see a report of the number of each of the selected items PDF Consultant detects in the PDF file.

    • Click Remove to remove the selected items from the PDF file.

PDF Consultant can analyze attachments to PDF


Allow File Open Actions and Launching File Attachments warns of security risks when you open a file in another application from a link in a PDF document; it provides a chance to cancel the operation. If this option is not selected, links to files in other applications are disabled.

Acrobat 5 Preference for launching attachment links


MORE INFO


PDF In-Depth Free Product Trials Ubiquitous PDF

Debenu Aerialist 11

The ultimate plug-in for Adobe Acrobat. Advanced splitting, merging, stamping, bookmarking, and link...

Download free demo

Debenu PDF Tools Pro

It's simple to use and will let you preview and edit PDF files, it's a Windows application that makes...

Download free demo

Two Passwords Are Better Than One: The Low-Down On PDF Security

For people who don't spend their time looking at PDF files in text editors*, PDF security is a sometimes misunderstood beast.

For example, those document restrictions that PDF files sometimes have -- no Printing, Content Copying, Page Extraction, etc -- are essentially useless unless the PDF also has a User Password.

January 09, 2014
Platinum Sponsor



Search Planet PDF
more searching options...
Planet PDF Newsletter
Most Popular Articles
Featured Product

Debenu PDF Aerialist 11

The ultimate plug-in for Adobe Acrobat. Advanced splitting, merging, stamping, bookmarking, and link control. Take Acrobat to the next level.

Features

Adding a PDF Stamp Comment

OK, so you want to stamp your document. Maybe you need to give reviewers some advice about the document's status or sensitivity. This tip from author Ted Padova demonstrates how to add stamps with the Stamp Tool along with related comments.