TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
For two decades, technical communicators have turned to TechWhirl to ask and answer questions about the always-changing world of technical communications, such as tools, skills, career paths, methodologies, and emerging industries. The TechWhirl Archives and magazine, created for, by and about technical writers, offer a wealth of knowledge to everyone with an interest in any aspect of technical communications.
Subject: Re: PDFs and Viruses?
From: Jimmy Breck-McKye <jb527 -at- hotmail -dot- co -dot- uk>
To: techwr-l -at- lists -dot- techwr-l -dot- com
Date: Tue, 13 Jul 2010 16:55:06 +0100
In theory, sure. Let's look at how a basic PDF virus might work.
PDF-o-matic stores two sets of data next to each other. One stores the
data from the 'author' field or somesuch, a text string. Next to this,
we have the binary of the application. The data in the author field can
go up to 128 bytes (characters), but PDF-o-matic doesn't actually check
the length of the 'author' data.
What happens when a malicious user creates a PDF with a too-long author
field? Well, the author data overwrites a portion of the executable. It
now points to another portion of the PDF, say, the comment field, which
actually contains runnable code. This code does three things:
* it makes PDF-o-matic write the same broken 'author' data to all PDFs
it generates
* it makes PDF-o-matic copy data from the comment field and write it to
all PDFs it generates
* it destabilizes the program (intentionally or not), and eventually
causes crashes and bugs
This is just one way a virus might attack a PDF application. As you can
see, it has far more to do with the application than the filetype; all
files contain strings that can be handled poorly by the program. The
moment one is found, it can be exploited.
Incidentally, this is one reason updating software can massively alter
the effectiveness of malware: the 'memory maps' (which describe which
sorts of data are being stored in different RAM locations) of a program
can change radically between builds.
On 13/07/10 15:14, Keith Hansen wrote:
> Question folks... Can a PDF file contain a virus?
>
> I've usually heard that it cannot, but I have heard a few people claim otherwise.
>
> Any opinions? Personal experiences with this?
>
> Thanks.
>
> Keith
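The unchecked-length flaw described in the message above, as an added example that is not part of the original post: a 128-byte author field stored directly in front of other program data, written once without a length check and once with one. The record layout, the 16-byte neighbouring region, the sentinel value and all function names are assumptions made for illustration; "PDF-o-matic" is the post's hypothetical program and has no real code.

```c
#include <stdio.h>
#include <string.h>

#define AUTHOR_MAX    128  /* field size given in the post */
#define NEIGHBOUR_LEN 16   /* assumed size of the data stored next to it */

/* Hypothetical layout: author field followed directly by other program data.
   One flat array keeps the demonstration well-defined C. */
struct record { unsigned char bytes[AUTHOR_MAX + NEIGHBOUR_LEN]; };

static void record_init(struct record *r) {
    memset(r->bytes, 0, AUTHOR_MAX);
    memset(r->bytes + AUTHOR_MAX, 0xAA, NEIGHBOUR_LEN); /* sentinel pattern */
}

/* Returns 1 if the neighbouring data still holds its sentinel pattern. */
static int neighbour_intact(const struct record *r) {
    for (size_t i = 0; i < NEIGHBOUR_LEN; i++)
        if (r->bytes[AUTHOR_MAX + i] != 0xAA) return 0;
    return 1;
}

/* The flaw from the post: the length taken from the file is trusted.
   (Clamped to the whole array only so this demo itself stays in bounds.) */
static void set_author_unchecked(struct record *r, const unsigned char *src, size_t len) {
    if (len > sizeof r->bytes) len = sizeof r->bytes;
    memcpy(r->bytes, src, len);
}

/* The fix: refuse input that does not fit the field. 0 = stored, -1 = rejected. */
static int set_author_checked(struct record *r, const unsigned char *src, size_t len) {
    if (len > AUTHOR_MAX) return -1;
    memcpy(r->bytes, src, len);
    return 0;
}

int main(void) {
    unsigned char input[AUTHOR_MAX + 8]; /* constructed input: 8 bytes too long */
    struct record r;
    memset(input, 'A', sizeof input);
    record_init(&r);
    set_author_unchecked(&r, input, sizeof input);
    printf("unchecked: neighbour intact = %d\n", neighbour_intact(&r));
    record_init(&r);
    int rc = set_author_checked(&r, input, sizeof input);
    printf("checked: rc = %d, neighbour intact = %d\n", rc, neighbour_intact(&r));
    return 0;
}
```

The checked version treats an over-long field as a malformed file and stores nothing, so the data next to the field is never touched.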