PDF Trojans

[Tiffany S.]

Is it possible for malware to be hidden in PDF files?

If so, will a .pdf extension on a malware file limit it to being opened
only by a PDF reader, in which case it will be unexecutable?

 

[jen]

Is it possible for malware to be hidden in PDF files?
If so, will a .pdf extension on a malware file limit it to being
opened
only by a PDF reader, in which case it will be unexecutable?

For starters:
0day: PDF pwns Windows:
http://www.gnucitizen.org/blog/0day-pdf-pwns-windows/

-jen

 

[David H. Lipman]

From: "Tiffany S." <[email protected]>

| Is it possible for malware to be hidden in PDF files?

| If so, will a .pdf extension on a malware file limit it to being opened
| only by a PDF reader, in which case it will be unexecutable?


Hidden in them ? No.

However, there are vulnerabilities which can lead to Trojan downloads such as Cross-Site
Scripting (aka; XSS).

 

[jen]

From: "Tiffany S." <[email protected]>
| Is it possible for malware to be hidden in PDF files?
| If so, will a .pdf extension on a malware file limit it to being
opened
| only by a PDF reader, in which case it will be unexecutable?
Hidden in them ? No.
However, there are vulnerabilities which can lead to Trojan downloads
such as Cross-Site
Scripting (aka; XSS).

Have you seen this David?

David Kierznowski's page...
Backdooring PDF Files:
http://michaeldaw.org/md-hacks/backdooring-pdf-files/

-jen

 

[David H. Lipman]

From: "jen" <[email protected]>



| Have you seen this David?

| David Kierznowski's page...
| Backdooring PDF Files:
| http://michaeldaw.org/md-hacks/backdooring-pdf-files/

| -jen


Until now... no.

Thank you.