• Welcome to our site! Electro Tech is an online community (with over 170,000 members) who enjoy talking about and building electronic circuits, projects and gadgets. To participate you need to register. Registration is free. Click here to register now.

Malware?

Status
Not open for further replies.

MikeMl

Well-Known Member
Most Helpful Member
Looking for a Service Manual for my wife's fitness machine. Found what purports to be a downloadable .pdf on a website in Russia.

What is the hazard in downloading the .pdf? (Win 7)

What is the hazard in opening it in Acrobat?

Can it be checked for Malware before opening it for the first time?
 

Dr_Doggy

Well-Known Member
https://community.spiceworks.com/topic/424498-can-a-pdf-contain-a-virus
when they talk about hiding exe as pdf, it has to be launched as exe, exe doesnt launch if opening as file in program, ie... you can rename exe to jpg, but opening it in paint will not run it

... virus that is in true pdf form would need a reader that decodes virus instruction ... ie vulnerability is based on reader software capabilities:
https://www.enfocus.com/en/support/...#/SupportPortalSolution?id=501D0000000jfd4IAA

...... so full acrobat can run malicious code, acrobat reader cannot

... I use foxit reader , it is small/fast/light program , , without checking , i assume it cannot either
 

Mickster

Well-Known Member
Most Helpful Member
Maybe you could use a preview pane in windows explorer, which lets you see the content without actually opening the file?
 

CBB9

New Member
If you want to play things safe assume every file type and and application is vulnerable. Just because a vulnerability hasn't been reported doesn't mean it's not being heavily exploited. Widespread major exploitations such as the executing malicious code through Microsoft Office applications and Adobe Acrobat were in full use by hackers for many years before hitting the news.

As an information security professional with 10+ Years experience I'd suggest one the following options, in order of least to most involved:

• Trust your security software to do its job. I don't want to start an antivirus war so I'll leave out names and just say you'd be impressed just how good the one that comes with Windows 8/10 is (available by download for 7), and how bad and resource intensive some of the historically well known ones are. It never hurts to have a primary that handles scanning and live monitoring, and double check every so often with a secondary scanner (avoid running two security monitoring products one the same machine, more often than less it causes issues).

• Run the file through cloud heuristics, I prefer HitManPro for this. This could also be used as your secondary scanner as mentioned above. It's rare that it doesn't find something (dormant or not) buried deep in a machine.

• Use a sandbox device, this could be another physical computer or you could use one of the many OS virtualization products to create a virtual machine as your sandbox.

A side note to anyone who wants added network security is to turn off UPnP on your router if it exists and is enabled. That feature allows automatic management network internal/external connections and is often exploited. The recent DynDNS hack that brought down Yahoo and other major sites used hundreds of thousands of devices across the world that were automatically connected to the outside using UPnP. Ever wondered how that new IP/Wifi camera set itself up to allow you to connect to it remotely from your cell phone? In most cases it was using UPnP. Disabling it will require you to open any ports that need to access your network from the outside, but for many users this is never needed, and for those where it is it's a one time configuration per service.

I have over-simplified some of this while trying to provide enough insight to allow one to better protect themselves. At the end of the day though security is a perception. If the person with the right skills really wants to find a way into your systems, they will. I look at preventative measures such as this as ways to "keep the honest from stealing" the equivalent of putting those tiny little locks that can be broken by hand onto a suitcase, or a more extreme example, the dead-bolted front door with a glass pane on the side (smash glass, flip deadbolt, enter home). Even with my background I try not to get too caught up in being overly secure of my systems because I can't even guarantee my home to be 100% secure. I can setup alarms and alerts all day long, secure every door and window, hope for quick police response, and use insurance to cover losses, but none of that protects me from a motivated robber from getting in, it just offers me options after the security has been breached. Wrapping it all up, you lock your doors but how confident are you that your home/car are now protected because of that? (a topic for a different day in cars with the documented RF hacks that are out there) Look at your networked systems the same way and ask yourself what is the right amount of security for me and how much is in my control.

I know this is way more than what the original ask was looking for, but I wanted to take to opportunity to share my knowledge as this community has been so supportive of me as a new member in such a short amount of time. Feel free to remove my post if it is not appropriate.
 
Last edited:

autochan

New Member
If your PC, or laptop has an internet security program (such as ESET or Kaspersky) there isn't a hazard because if the .pdf file contains a malware then the program will delete it immediately.
 

CBB9

New Member
If your PC, or laptop has an internet security program (such as ESET or Kaspersky) there isn't a hazard because if the .pdf file contains a malware then the program will delete it immediately.
Given the exploit has been identified has a fingerprint has been created. It can only find traits that have been previously discovered. I say traits because certain types of malicious code can morph, so scanners look further than 1:1 file matching.
 

simonbramble

Active Member
I tried downloading a pdf book a couple of years ago from a Russian website and it reset my home page to a Spanish search engine website that I could not change. I had to restore to factory settings. Anything from Russia or China I would treat as suspicious until proved otherwise
 

Dr_Doggy

Well-Known Member
lol, now that sounds like a trusted method!

an embedded virus script cannot be run in a program that does not have the capabilities for scripts or instructions, ie the adobe reader could load all the viruses we want but when it comes to execution the reader has no idea what "format c:" means(or any other instruction)... because the reader is missing the part that says "pass to shell" or "launch a link" or "this is instruction code".

I designed 2 viruses over the past year, one was a script which the antivirus caught and erased right away(i think because of the way it modified the registry), the other was a vb.exe, antivirus has no idea about it ... and it s a fairly simple/straight forward program considering all i did was create 2 lines that says listen on TCP and pass TCP data to console(CMD)
 

MikeMl

Well-Known Member
Most Helpful Member
Thanks for all the info...
I solved the underlying problem by calling CustomerService for Octane Fitness. They have a service manual which they normally only give their dealers, but they emailed me a copy in consideration of me being 3 hours from their nearest service shop. It arrived virus free....
 
Status
Not open for further replies.

Latest threads

EE World Online Articles

Loading
Top