Malicious origami in PDF
Tóm tắt
People have now come to understand the risks associated with MS Office documents: whether those risks are caused by macros or associated breaches. PDF documents on the contrary seem to be much more secure and reliable. This false sense of security mainly comes from the fact that these documents appear to be static. The widespread use of Acrobat Reader is most likely also accountable for this phenomenon to the detriment of software that modifies PDFs. As a consequence, PDF documents are perceived as images rather than active documents. And as everyone knows, images are not dangerous, so PDFs aren’t either. In this article we present the PDF language and its security model, and then the market leader of PDF software, Acrobat Reader. Finally, we will show how this format can be used for malicious purposes.
Tài liệu tham khảo
Blonce, A., Filiol, E., Frayssignes, L.: Les nouveaux malwares de document: analyse de la menace virale dans les documents pdf. MISC 38 (2008)
Blonce, A., Filiol, E., Frayssignes, L.: New viral threats of pdf language. In: Proceedings of Black Hat Europe (2008). https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html#Filiol
Raynal, F., Delugré, G.: Malicious origami in pdf. In: Proceedings of PacSec (2008). http://security-labs.org/fred/docs/pacsec08/
:Document management – Portable document format – Part 1: PDF 1.7, 1st edn. (Juillet 2008). http://www.adobe.com/devnet/acrobat/pdfs/PDF32000_2008.pdf
:Adobe Supplement to ISO 32000, BaseVersion 1.7, ExtensionLevel 3. (Juin 2008). http://www.adobe.com/devnet/acrobat/pdfs/adobe_supplement_iso32000.pdf
ElcomSoft: Advanced pdf password recovery. http://www.elcomsoft.com/apdfpr.html
:Parameters for Opening PDF Files. (Avril 2007). http://partners.adobe.com/public/developer/en/acrobat/PDFOpenParameters.pdf
WiSec: Adobe acrobat reader plugin – multiple vulnerabilities. http://www.wisec.it/vulns.php?page=9