Skip to main content
SpringerLink
Log in

Malicious origami in PDF

  • Original Paper
  • Published:
Journal in Computer Virology Aims and scope Submit manuscript

Abstract

People have now come to understand the risks associated with MS Office documents: whether those risks are caused by macros or associated breaches. PDF documents on the contrary seem to be much more secure and reliable. This false sense of security mainly comes from the fact that these documents appear to be static. The widespread use of Acrobat Reader is most likely also accountable for this phenomenon to the detriment of software that modifies PDFs. As a consequence, PDF documents are perceived as images rather than active documents. And as everyone knows, images are not dangerous, so PDFs aren’t either. In this article we present the PDF language and its security model, and then the market leader of PDF software, Acrobat Reader. Finally, we will show how this format can be used for malicious purposes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Blonce, A., Filiol, E., Frayssignes, L.: Les nouveaux malwares de document: analyse de la menace virale dans les documents pdf. MISC 38 (2008)

  2. Blonce, A., Filiol, E., Frayssignes, L.: New viral threats of pdf language. In: Proceedings of Black Hat Europe (2008). https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html#Filiol

  3. Raynal, F., Delugré, G.: Malicious origami in pdf. In: Proceedings of PacSec (2008). http://security-labs.org/fred/docs/pacsec08/

  4. :Document management – Portable document format – Part 1: PDF 1.7, 1st edn. (Juillet 2008). http://www.adobe.com/devnet/acrobat/pdfs/PDF32000_2008.pdf

  5. :Adobe Supplement to ISO 32000, BaseVersion 1.7, ExtensionLevel 3. (Juin 2008). http://www.adobe.com/devnet/acrobat/pdfs/adobe_supplement_iso32000.pdf

  6. ElcomSoft: Advanced pdf password recovery. http://www.elcomsoft.com/apdfpr.html

  7. :Parameters for Opening PDF Files. (Avril 2007). http://partners.adobe.com/public/developer/en/acrobat/PDFOpenParameters.pdf

  8. WiSec: Adobe acrobat reader plugin – multiple vulnerabilities. http://www.wisec.it/vulns.php?page=9

Download references

Author information

Authors and Affiliations

  1. MISC, Paris, France

    Frédéric Raynal

  2. Sogeti/ESEC, Paris, France

    Frédéric Raynal, Guillaume Delugré & Damien Aumaitre

Authors
  1. Frédéric Raynal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Guillaume Delugré
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Damien Aumaitre
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Frédéric Raynal.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Raynal, F., Delugré, G. & Aumaitre, D. Malicious origami in PDF. J Comput Virol 6, 289–315 (2010). https://doi.org/10.1007/s11416-009-0128-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-009-0128-2

Keywords

Search

Navigation