Appligent Document Solutions - PDFs are safe, right? Not anymore

PDF Document Management Software, Services & Support

The Latest

SecurSign 5 Now Available! Includes Signature Validation to Detect Tampering.
Lansdowne, PA (July 13, 2011)
Encrypt, digitally sign and verify digital signatures on PDF documents.

Redax 5: Advanced Redaction for PDF Documents
Tuesday, March 22, 2011
The latest Redax adds new patterns, regular expressions and more!

Redax Enterprise Server 3 Ships!
Thursday, January 6, 2011
New Redaction Engine, Powerful New Markup Options and More!

Survey: Server Based PDF Applications
Tuesday, December 7, 2010
The 2010 Survey asked about PDF server application development.

PDFs are safe, right? Not anymore

Tuesday, July 20, 2010

DocuCrunch
PDFs are safe, right? Not anymore

There's something about PDF files that makes users think they're safe to open. And that's exactly why they've become one of the preferred malware delivery vehicles for hackers.

That's the warning from Appligent Software CEO Duff Johnson, one of the experts on the file format and document management.

The worst thing is that most users and IT staff treat PDF files as somehow different from other files. Although they're the most commonly used format for archiving and file sharing, PDF files are as capable of being corrupted with malware as damaging as found in the most pernicious spam or corrupt Office file.

padlock This didn't use to be the case, notes Johnson, but over the last few years, hackers have turned their attention to this widely used and seemingly safe format. He links to an IBM Threat Report that documents this growing problem.

According to some research, PDFs represent the biggest malware threat companies face right now. For example, a report by security firm ScanSafe found that in the fourth quarter of 2009, 80% of all exploits targeted flaws in Adobe's PDF software. At the time, those flaws were getting a lot of attention, leading hackers to put more effort into exploiting them.

And earlier this year, we reported on another attack that didn't make use of a security bug, but rather exploited PDF documents' ability to run embedded executable files.

PDF attacks usually occur when users are tricked into opening a file, often one that uses embedded JavaScript or Flash content that interacts with a remote server.

Key steps for companies:

IT departments have to get up to speed on the latest PDF threats, just as they keep current on e-mail threats.
End users should learn to treat PDF files the same as any file — don't open it if you are unsure of its origin.
Update PostScript viewing software (generally Adobe Viewer) as soon as it is released — Adobe is constantly working on responding to the latest threats.
Considering using alternative PDF viewers that are less common than Adobe, and therefore may be less susceptible to attacks.
You may want to consider disabling Flash and JavaScript in your PDF readers. At least one major company surveyed said that they only permit JavaScript as an exception.

Return to In The News

Server

Desktop

Services

Support

Why Us?

About Us

AppendPDF
AppendPDF Pro
FDFMerge
FDFMerge Lite
pdfHarmony
Redax Enterprise Server
SecurSign
StampPDF Batch
APCrypt
APJavaScript
APSplit
APGetInfo
pdfAPilot Server 2

Redax
StampPDF plug-in
StampPDF DE
AppendPDF DE
APSplit DE

PDF Forms
Designer/XFA Forms
PDF JavaScript
PDF Accessibility
Section 508
Publication Scanning
CD/DVD-ROMs
Custom Development

Software Support Policy
Technical Support
Product Documentation
FAQs
Sample Scripts
PDF Glossary
Contact Support

Talking PDF
Appligent Labs

Customers
Testimonials
Case Studies
Cost Effectiveness
Innovation
PDF Standards
Experience

Mission
History
People
Partners
Contact Us
News & Events
Site Accessibility
Site Index

Site Accessibility | Email the WebAdmin