What makes the PDF so enticing to malicious users? There are more reasons than you think.
With the recent headlines about Adobe PDF vulnerabilities being taken advantage of, just about anyone who used a PC was on the alert. PDF files have the potential to do some serious damage to systems and data when infected.
Because the PDF is not without its weaknesses, anticipating ways in which attackers can use the format can be the best way to defend against it.
Below is a brief look at 13 ways—both technical and simple, in which the PDF is vulnerable and can be manipulated by malicious users.
1) JavaScript
Online PDFs are designated with open parameters that can be injected with malicious JavaScript code. Because of the flexibility of JavaScript, hackers have a broad range of what can be done using the PDF file as their hacking tool of choice.
2) Spam
The recent spamming attacks this year demonstrated a way of exploiting the nature of the PDF as file format. Until recently, the PDF never really got caught at the anti-spam gates. Thus, although most anti-spam products now check PDFs and other forms of image spam, PDF containing spam made it into millions of inboxes everywhere. Although not immediately threatening as code executions, spam is still spam and has the ability to deliver Trojans, viruses, and malware.