[RndTbl] Fwd: Can a pdf file itself be malware

eh at eduardhiebert.com
Thu Jan 20 21:26:29 CST 2022


Hi All,

Bringing this to a conclusion, what a breadth of helpful information!

I can now, more knowingly, be safer, and my thanks to all who 
replied!

I will be putting this to more use among my contacts, minus the names.

I advance one caveat.  With the ongoing tech and means advancements over 
time, one growing vulnerability may arise: email attachments, even 
when expected from known contacts, may not always be safe, because with 
more smarts they could be breached, and the bad actors then lie in wait 
until the parties' collaboration practices, once identified, 
become potential risk exposure events.

Oh, and one last thing, if someone knows why and how to undo it.  I copied 
and pasted several as per below, but Bitters' would not copy/paste unless 
I did it paragraph by paragraph.

Best!

Eduard

Bitters wrote:
Seems to have a hyperlink inside the PDF that actually leads you to the 
malicious software. So maybe that's one way it gets past virus 
detection. It relies on the user to grab a secondary file from the 
hyperlink. I might set up a VM later and see where the rabbit hole 
leads. Most likely a keylogger if anything at all.

Checked out the link. It's one of the worst fake logins I have ever seen.

On 19/01/2022 12:57 PM, John Lange wrote:
> Ok, so it turns out it is a straight-up credential-stealing phish 
> attack. It's a link to a website that links to another website with a 
> fake o365 login. Since there is no executable it escapes malware 
> detection. I would still have thought it would get black-listed based 
> on the URL in the PDF but I guess that shows how weak standard 
> filtering is. I suspect the PDF in the URL is uniquely generated for 
> each email attachment so it can't be easily black-listed.
> 
> John
> 
> 
> On 18/01/2022 9:15 PM, Adam Thompson wrote:
>> PDF files can be malicious; there have been several PDF zero-day flaws 
>> in the past: there could be more to come.
>> 
>> No attachment is safe, like opening an email... and if you talk to 
>> security experts, they can come up with examples of how just opening 
>> an email can be a problem, too.
>> 
>> General rule of thumb: do not open any attachments, ever.  The 
>> exception is if you know the sender and are expecting an attachment 
>> from them.
>> If you must open an unknown attachment (and do not have a sandboxed 
>> system where you can do so safely), save it first, make sure it gets 
>> or automatically got scanned, then open it.
>> 
>> -Adam

On 19/01/2022 6:45 PM, Brian Lowe wrote:
> In addition to rendering flaws, PDFs can have embedded JavaScript. This 
> is from the abstract of a paper published by the IEEE in 2014:

> An emerging threat vector, embedded malware inside popular document 
> formats, has become rampant since 2008. Owed to its wide-spread use and 
> JavaScript support, PDF has been the primary vehicle for delivering 
> embedded exploits. Unfortunately, existing defenses are limited in 
> effectiveness, vulnerable to evasion, or computationally expensive to 
> be employed as an on-line protection system. In this paper, we propose 
> a context-aware approach for detection and confinement of malicious 
> JavaScript in PDF.

https://ieeexplore.ieee.org/document/6903571

Paper (ironically, a PDF) at 
https://www.eecis.udel.edu/~dpliu/papers/dsn14.pdf.

Brian
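
The thread describes two ways a PDF does harm without the file itself being an executable: a link annotation that walks the reader to a fake login page (the phish John and Bitters traced), and embedded JavaScript or other active content that runs when the file is opened (the class the paper Brian cites studies). The script below is an added example, not code from the thread or from the paper, of a static triage pass that surfaces both. It scans raw PDF bytes for /URI link targets and for the dictionary keys that give a PDF behaviour (/JavaScript, /JS, /OpenAction, /AA, /Launch, /EmbeddedFile, ...), inflates FlateDecode streams so content hidden in compressed object streams is not missed, and undoes #XX name escapes. The sample PDF, its object layout and the URL in it are constructed here and are not the file from the thread.

```python
"""Static triage of a PDF for the two delivery tricks the thread describes:
an external link that walks the reader to a phishing page, and active
content (JavaScript, auto-run actions, launch, attachments) that does
something when the file is opened.  Added example; the sample PDF, its
URL and its object layout are constructed here and are not the file from
the thread."""
import re
import zlib
from dataclasses import dataclass, field

# Dictionary keys that give a PDF behaviour beyond drawing a page.  Any of
# these in a "just a document" attachment deserves a second look.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
               b"/EmbeddedFile", b"/RichMedia", b"/XFA")


@dataclass
class Triage:
    uris: list = field(default_factory=list)     # link targets found
    active: dict = field(default_factory=dict)   # active key -> occurrences
    compressed_objects: int = 0                  # FlateDecode streams seen
    verdict: str = "clean"


def _unhex_names(data: bytes) -> bytes:
    """PDF names may use #XX escapes (e.g. /Java#53cript); undo them so a
    substring match cannot be dodged that cheaply."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def _inflate_streams(data: bytes) -> bytes:
    """Return the raw bytes plus the inflated body of every FlateDecode
    stream, so keys and URIs hidden in compressed object streams are
    visible.  Non-zlib or truncated streams are skipped."""
    parts = [data]
    for m in re.finditer(rb"/FlateDecode.*?stream\r?\n(.*?)\r?\nendstream",
                         data, re.S):
        try:
            parts.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass
    return b"\n".join(parts)


def triage_pdf(data: bytes, inflate: bool = True) -> Triage:
    """Scan raw PDF bytes.  This is a triage pass, not a parser: encrypted
    files, cross-reference streams and JavaScript assembled at runtime
    need a real PDF library or a sandbox."""
    t = Triage()
    t.compressed_objects = len(re.findall(rb"/FlateDecode", data))
    text = _unhex_names(_inflate_streams(data) if inflate else data)
    # Literal-string link targets: /URI (http://...).  Hex strings <...>
    # are not handled here.
    t.uris = [u.decode("latin-1")
              for u in re.findall(rb"/URI\s*\(([^)]*)\)", text)]
    for key in ACTIVE_KEYS:
        # (?![A-Za-z0-9]) keeps /JS from matching /JSON and /AA from /AAPL
        n = len(re.findall(re.escape(key) + rb"(?![A-Za-z0-9])", text))
        if n:
            t.active[key.decode()] = n
    if t.active:
        t.verdict = "active content"
    elif t.uris:
        t.verdict = "links only"   # no executable, just a door to a web page
    return t


def build_sample_pdf() -> bytes:
    """Constructed sample: one page with a clickable link to a fictional
    login page, plus an OpenAction whose JavaScript sits inside a
    Flate-compressed object stream (the reason the scan inflates)."""
    header = b"6 0 "                      # object stream header: "objnum offset"
    inner = header + b"<< /S /JavaScript /JS (app.alert\\(hi\\)) >>"
    packed = zlib.compress(inner)
    objects = [
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 6 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Annots [5 0 R] >>\nendobj\n",
        b"5 0 obj\n<< /Type /Annot /Subtype /Link /Rect [72 700 300 720] "
        b"/A << /S /URI /URI (http://login.example.invalid/o365) >> >>\nendobj\n",
        b"7 0 obj\n<< /Type /ObjStm /N 1 /First %d /Filter /FlateDecode "
        b"/Length %d >>\nstream\n" % (len(header), len(packed))
        + packed + b"\nendstream\nendobj\n",
    ]
    return b"%PDF-1.5\n" + b"".join(objects) + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    sample = build_sample_pdf()
    for mode in (False, True):
        r = triage_pdf(sample, inflate=mode)
        print(f"inflate={mode}: verdict={r.verdict!r} uris={r.uris} active={r.active}")
```

Run stand-alone, the script shows the point of inflating: without it the OpenAction reference in the catalog is visible but the /JavaScript key inside the compressed object stream is not. A file that comes back as "links only" is exactly the case John describes, nothing for a malware scanner to flag, so the next step is to check the extracted URL against reputation lists or follow it from a throwaway VM as Bitters did, never from the workstation that received the mail. Treat the output as triage only: real samples use encryption, cross-reference streams and JavaScript pieced together from strings at run time, which this byte-level scan will not see; tools such as Didier Stevens' pdfid.py take the same keyword approach with more edge cases covered, and a proper PDF parser or sandbox is what settles the question.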