Security Basics mailing list archives

RE: Manipulate PDFs with Malware


From: David Gillett <gillettdavid () fhda edu>
Date: Tue, 22 Jan 2013 17:42:15 +0000

  If I recall correctly the structure of PDF files, elements contained in the file are easily overridden by appending a 
new value for the (specified) element.  So the challenges really are (a) to identify the element to be overridden (and 
if this is a form, the attacker might only have to do that once for all instances of that form...), and (b) possibly, 
to hide the fact that the size of the file as opened is slightly larger than the size advertised by the host it was 
downloaded from.
  Tricky, perhaps, and I don't actually know of malware that does this -- but it doesn't sound impossible to me.

David Gillett
CISSP CCNP


-----Original Message-----
From: Nick Clark [mailto:nick () clark-clan com] 
Sent: Sunday, January 20, 2013 22:55
To: Andre Silaghi
Cc: security-basics () securityfocus com
Subject: Re: Manipulate PDFs with Malware

Depends on how the PDF is formed. If they are just using an image or flat text, I cannot think of any easy way to do 
this. If they are using a form, and this barcode has a set attribute field, then you could probably search for the 
field and replace it with whatever you'd like to. 

---
Nick Clark

On Jan 19, 2013, at 10:59 PM, Andre Silaghi <andre.silaghi () googlemail com> wrote:

Hello everybody,

Let me just explain to you a scenario before I ask my question about 
it. You are starting to download a PDF file including a barcode which 
is used to identify some payment information like the amount of money 
you have to pay and the receiver, maybe identified by another sequence 
which is included.

Would it be possible to manipulate this barcode easily before or 
during the opening process of the PDF in order to change the payment 
information in a way that the attacker's information is encoded there?

Have you any experience with malware like this?

Best regards,
André
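
An added example, not part of the original thread: a heuristic Python check for the append-to-override behaviour David Gillett describes, flagging objects that are redefined after the first `%%EOF` and a file size that differs from the one the host advertised. The function names and the sample bytes are constructed for illustration, and the regex scan assumes objects are not packed into compressed object streams.

```python
import re

# Heuristic patterns: "N G obj" headers and end-of-revision markers.
# Assumption: objects are not hidden in compressed object streams.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b")
EOF_RE = re.compile(rb"%%EOF[ \t]*\r?\n?")

def revisions(data):
    """Return (start, end) byte ranges; each appended update ends in its own %%EOF."""
    bounds, start = [], 0
    for m in EOF_RE.finditer(data):
        bounds.append((start, m.end()))
        start = m.end()
    return bounds

def redefined_objects(data):
    """Map (obj, gen) -> revision indexes, for objects defined in more than one revision."""
    seen = {}
    for idx, (lo, hi) in enumerate(revisions(data)):
        for m in OBJ_RE.finditer(data, lo, hi):
            revs = seen.setdefault((int(m.group(1)), int(m.group(2))), [])
            if idx not in revs:
                revs.append(idx)
    return {key: revs for key, revs in seen.items() if len(revs) > 1}

def audit(data, advertised_size=None):
    """Summarise append-style changes; advertised_size is e.g. the server's Content-Length."""
    revs = revisions(data)
    return {
        "revisions": len(revs),
        "appended_bytes": len(data) - revs[0][1] if revs else 0,
        "redefined": redefined_objects(data),
        "size_mismatch": advertised_size is not None and advertised_size != len(data),
    }

# Constructed sample (structural skeleton, not a renderable PDF): form field
# object 5 is given a new value by a block appended after the first %%EOF.
ORIGINAL = (b"%PDF-1.4\n"
            b"5 0 obj\n<< /T (payee) /V (ACCT-1111) >>\nendobj\n"
            b"trailer\n<< /Root 1 0 R >>\nstartxref\n9\n%%EOF\n")
TAMPERED = ORIGINAL + (b"5 0 obj\n<< /T (payee) /V (ACCT-9999) >>\nendobj\n"
                       b"trailer\n<< /Prev 9 >>\nstartxref\n120\n%%EOF\n")

if __name__ == "__main__":
    print(audit(ORIGINAL))
    print(audit(TAMPERED, advertised_size=len(ORIGINAL)))
```

Filling in a form or signing a document also appends revisions, so a hit here is a reason to compare the revisions, not proof of tampering.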
