PDF is one of the most versatile and convenient file formats, which is why it’s widely used across the world. It’s used to share files via email as attachments, protect data from certain people, edit existing Word, Excel, and file formats, to create lovely presentations, and more.
In the past, it was considered the most secure file format that is safe from viruses.
That was the biggest reason it became so popular. However, it was discovered that PDFs can catch a virus, even as early as in 2001, when “Peachy” was discovered.
Some PDFs can have an actual virus while others can have another hidden malware. There are also advanced forms of malware that aren’t easy to detect.
Although this may sound worrying, there’s always a solution to the problem. The same goes for this one. If you want to find out more about PDF viruses, their identifying, and protecting, keep on reading.
PDF as a format itself doesn’t carry a virus but the elements attached to the file.
As you probably know PDFs have static elements, dynamic elements, and embedded signatures.
Static elements are the text and the images whereas dynamic elements are the forms.
All of these elements make the PDF file more appealing and consistent. However, these elements can also infect the PDF.
Namely, JavaScripts are the tool hackers use to “inject” the virus/malware into the PDF file. It’s because this file format can execute code on computers.
There are also the system commands, which launch along with the PDF file and can execute commands that will install the virus on the computer. Although most commands are already disabled by Adobe, they may still be open in other readers.
Moreover, hackers can use embedded objects in PDFs, such as a Flash file or QuickTime media, to insert viruses due to the vulnerability of media players.
And, there are the hidden objects, such as encrypted or embedded elements, which prevent antivirus scanners to scan the file.
Most infected PDF files are the ones we download from malicious websites and those spread via email. They usually contain a document in them, usually a Word file, which asks you to enable editing of the file upon opening the same. When you allow, the attack happens.
The best and most common way to check if a PDF file (and any file for that matter) is infected is to scan it. You can use anti-malware software for scanning upon downloading the file. Even better, you can scan it before you download it with an online virus scanner, such as VirusTotal or McAfee. And, If the file is sent via email, the email provider will scan it. For instance, Gmail uses VirusTotal technology to scan the attached documents.
Many people aren’t aware that PDFs can also get infected with viruses so they don’t usually scan those files.
But, since more and more hackers use PDFs to send a virus, Microsoft Malware Protection Center released a list of infected PDFs that have been detected in the past several months. Those are:
There’s an old saying that “prevention is better than cure”.
Hence, it’s better to protect your system from potentially infected PDFs than downloading one and having to take your computer to service so the techs can remove it.
There are many ways to protect your computer from PDF viruses, including:
To do this you need to go to Edit > Preferences > from the sidebar uncheck “Enable Acrobat JavaScript”.
Or, you can use the shortcut CTRL + K to open the section and then uncheck the feature.
To simplify things, you may open and read your PDF files in our online PDF reader. Take the advantage to do things online in a secure environment such as reading your document, and stay absolutely protected.
If you use Adobe Reader, you need to go to Preferences > Trust Manager > uncheck “Allow opening of non- PDF file attachments with external applications.
Having your operative system and antivirus software always up to date is very important as it ensures they work properly.
Also, you should perform scans regularly to check for any issues.
This is kind of a rule for all files, regardless of their format. It’s the best protection.
So, make sure you always check the sender/site and the name of the file.
If it comes from an unknown source, don’t open/download it.
By disabling the PDF reader from being opened automatically upon starting Windows OS, you will not only reduce the boot-time of the system but will also prevent future attacks on your PDF reader.
In fact, with the new GorillaPDF reader you don’t even need to have a desktop reader on your PC. You can access your files online.
Often undetected malware or virus can delete your files, which may cause you to lose important files forever.
That’s why you should back them up regularly.
More importantly, you should encrypt the backup for the maximum security of the data.
If you work in a team, initiate PDF encryption. That’s another layer of security, because it minimizes the risk of data and PDF elements being exposed by various threats when documents are shared.
Microsoft turned-off the auto-execution of this feature long ago out of security reasons.
So, make sure you keep the macros disabled. If any file tries to persuade you to enable the macros, it’s an infected file since malware does that.
Contrary to the popular belief that PDFs can’t get infected with a virus, this past year has proven the opposite. Although a PDF as a format doesn’t bear a virus, it can have it embedded in one of its elements.
That’s why you need to be very cautious when opening or downloading PDF files.
The best way to protect your system is to always scan the files before and after the download/opening.
So, make sure you do that, along with the other tips mentioned above. And, don’t forget to check the name of the file you’ve received in your email or want to download one from a site.