Can a PDF file contain a virus?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have had several unknown persons send PDF attachments with email
lately.  I have a policy, if I dont recognise the name of the sender,
the email is deleted. however on occasion I will email a business and
will get a reply from an address not containing the business name but
from someone that works there.  In that case, if I am expecting some
reply from a business, I will read the text portion of emails that
might be from such a source, and on several occasions what looked to
be spam was actually such a reply.  However, unless I know the person,
no attachments are ever opened.  Anyhow, I keep getting these PDF
files lately.  My guess is that they are just advertising, but I wont
open them, and just delete them.  My question is whether a PDF can
contain a virus or spyware?  I know that .exe files, screen savers,
.zip and other compressed files can, and I have heard of a few
occasions where pictures can contain at least some sort of bad code.
I never heard anything about PDF's one way or the other.

Thanks for replies

Greg

Re: Can a PDF file contain a virus?

gregpatterson@-invalid-.com says...
Quoted text here. Click to load it
Type "pdf virus" into Google and check the first hit.
--
Snob? Were I a snob, I wouldn't be talking to you.

Re: Can a PDF file contain a virus?

gregpatterson@-invalid-.com wrote:

Quoted text here. Click to load it

I've gotten a few spams recently where the spam message was a page of
PDF. It was a stock scam. Apparently, the spammers are switching from
using graphics (JPEGS) to PDFs in a further attempt to get past filters.

Save the PDF file to your hard disk and scan it.

--
   -bts
   -Motorcycles defy gravity; cars just suck

Re: Can a PDF file contain a virus?

My Yahoo account has received hundreds of those attachments.    Just
delete them - they are most likely advertising for stocks, medicines
and such.   The PDF's are probably obfuscated so SPAM OCR engines
can't filter them out.


Re: Can a PDF file contain a virus?

What's to keep you from doing an on-demand virus scan with your resident AV
product. It is more thorough than trying to establish unilaterally if "pdf's
contain viruses"

Charlie

Quoted text here. Click to load it


Re: Can a PDF file contain a virus?

wrote:

Quoted text here. Click to load it

Thanks for all the replies....

Yes, I could do all of this scanning and so on.....
However, my time is more valuable than wasting it on spam.
The delete key does the job.  
I was just asking to find out the facts.  The files were actually
.PDF, not with .exe or something else at the end.  I am sure it's just
some sort of stock or drug crap as always.  Not worth my time.

Good day !

Quoted text here. Click to load it


Re: Can a PDF file contain a virus?

gregpatterson@-invalid-.com wrote:

Quoted text here. Click to load it

Once would be enough, just so you see they really are spam. After that,
common sense - looking at the FROM: and the text of the Subject: line -
should tell you easily that they are spam ... whereas the Delete key
comes in to play quite easily.

The only time I bother to open a spam (and they really are obvious) is
to see what new tricks the spammers might be up to now, and if I'm not
busy, to report them to their web hosts, and/or to notify the ISP of the
clueless zombied user they came from.

--
   -bts
   -Motorcycles defy gravity; cars just suck

Re: Can a PDF file contain a virus?

Quoted text here. Click to load it


What makes you think a .pdf attachment to an e-mail must be a PDF
document?  Files can be named anything.


Re: Can a PDF file contain a virus?


nM6dnVUm-5uDqAjbnZ2dnUVZ_h6vnZ2d@comcast.com...
Quoted text here. Click to load it

As a personal comment, I also received a lot of these pdf files. Those files
open normally when dregged in a foxit reader window, under a protected
environment. No alarm rings. However I suspect that double clicking on such
a file would lead to different results. Am I right or wrong ?



Re: Can a PDF file contain a virus?

frischmoutt wrote:

Quoted text here. Click to load it

You would be wrong.  In either case, you are opening the file.

Oh wait ... I'm assuming it would open in FoxIt when you double-click it
right?  Not some other "default" PDF reader... there were links posted
some weeks ago about vulnerabilities in Adobe versions prior to 8. Don't
remember the details.

After all that, the PDFs this thread is about are just spam.

--
   -bts
   -Motorcycles defy gravity; cars just suck

Re: Can a PDF file contain a virus?


< sip >
| there were links posted
| some weeks ago about vulnerabilities in Adobe versions prior to 8. Don't
| remember the details.
|


XSS Vulnerability -->
http://xforce.iss.net/xforce/xfdb/31271
http://www.ciac.org/ciac/bulletins/r-096.shtml

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Can a PDF file contain a virus?

David H. Lipman wrote:

Quoted text here. Click to load it

Those be the ones. Adobe 7.0.8 and earlier.  Thanks, David.

--
   -bts
   -Motorcycles defy gravity; cars just suck

Re: Can a PDF file contain a virus?


Quoted text here. Click to load it

Sorry I just realise that I wasn't so clear.
When I have suspiscious files, I use to _drag_ them in Notepad or Quickview
or Foxit already open windows.
I always _avoid to double click_ on them in order not to launch possible
programs (renamed files for example).
These extensions correspond more or less to those listed in the Quarantined
file of Zone Alarm.

I also avoid to open .xls and .doc in Excel or Word, even by dragging the
files.



Re: Can a PDF file contain a virus?

frischmoutt wrote:

Quoted text here. Click to load it

Not really; I knew what you meant.

Quoted text here. Click to load it

This is good. If, in the generally rare case, the attachment does have a
socially-engineered file name, such as:

   britney-spears-naked.pdf                     .exe

you most likely won't actually launch the .exe if you drag it into
FoxItReader.  But then, how do we know Windows will actually comply with
that choice?  :-)

Quoted text here. Click to load it

If you were not expecting the files from trusted senders, that is a good
plan. ... Even if you *were* expecting them, it is best to scan them
first with your up-to-date a-v program.

--
   -bts
   -Motorcycles defy gravity; cars just suck

Re: Can a PDF file contain a virus?


| I have had several unknown persons send PDF attachments with email
| lately.  I have a policy, if I dont recognise the name of the sender,
| the email is deleted. however on occasion I will email a business and
| will get a reply from an address not containing the business name but
| from someone that works there.  In that case, if I am expecting some
| reply from a business, I will read the text portion of emails that
| might be from such a source, and on several occasions what looked to
| be spam was actually such a reply.  However, unless I know the person,
| no attachments are ever opened.  Anyhow, I keep getting these PDF
| files lately.  My guess is that they are just advertising, but I wont
| open them, and just delete them.  My question is whether a PDF can
| contain a virus or spyware?  I know that .exe files, screen savers,
| .zip and other compressed files can, and I have heard of a few
| occasions where pictures can contain at least some sort of bad code.
| I never heard anything about PDF's one way or the other.
|
| Thanks for replies
|
| Greg


Can an Adobe PDF contain a virus ?  No !

Can an Adobe PDF be used in an Exploitation attempt of an Adobe Reader/Acrobat
vulnerability
?  Yes. ( Example;  Cross-Site Scripting Vulnerability )

You problem is pure spam, not a virus/malware issue.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Can a PDF file contain a virus?

Quoted text here. Click to load it

That really depends on the PDF readers, in my opinion.


--
iTech Consulting Services Limited
Expert in ePOS (Point-Of-Sales) solutions
Website: http://www.itech.com.hk (IE only)
Tel: (852)2325 3883    Fax: (852)2325 8288

Site Timeline