Can an Adobe PDF File Contain Malware?

by Elizabeth Mott
The portable document format was designed to make content available without its originating application.

The portable document format was designed to make content available without its originating application.

Any form of digital document can be used to deliver malware to infect a recipient's computer, providing criminals with access to files and personal data. Whereas Microsoft Word and Excel files, and the macros and programming they can contain, were once the document types most commonly used for spreading these infestations, Adobe PDF documents have gained in popularity as means of attack because of their widespread use.

Multimedia Content

The Adobe PDF specification includes provisions for links to multimedia content, including movie, MP3 and other file types. Because PDF provides opportunities for enriched presentations that play songs, trigger JavaScript code and load videos, the payload for a malware attack can consist of materials that form routine parts of PDF-based marketing efforts. Without some common sense about acceptable and unacceptable file sources, and timely malware protection at the system level, a recipient won't know whether the content incorporated into a PDF consists of genuine resources or malware.

Website Links

PDFs can use a combination of JavaScript and in-file links to trigger access to resources housed on remote websites. Like the other forms of material that PDFs can incorporate, these links can serve intentions good and bad, providing enhanced content by serving up current versions of website pages or connecting unsuspecting users to malware infected sites. The attack can be disguised within a seemingly benign process that covers up the delivery of an infectious payload.

Virus Content

Along with links to sources of malware, PDF files can contain actual viruses or trojans embedded within otherwise legitimate code. When an unwary user double-clicks on the file to open it, a script unpacks the malware and installs it. These infestations can turn the infected PC into a bot enrolled within a network used in denial of service attacks on major websites or redirect personally identifiable information to crooks and thieves.

Other Considerations

Adobe Systems issues frequent updates to its free Adobe Reader and paid Adobe Acrobat software packages to prevent loopholes and exploitable vulnerabilities from providing attack vectors for fraudsters. At the same time that you keep your Adobe software up to date, it's important to avoid trusting files from unknown sources and to subject all email attachments to skepticism. Along with vigilant common sense, your best line of defense against infected and bogus PDF files comes in the form of anti-malware and anti-virus software.

About the Author

Elizabeth Mott has been a writer since 1983. Mott has extensive experience writing advertising copy for everything from kitchen appliances and financial services to education and tourism. She holds a Bachelor of Arts and Master of Arts in English from Indiana State University.

Photo Credits

  • Justin Sullivan/Getty Images News/Getty Images