
PDF, ePub, Mobi and Malware


gonwk

Hi folks,

After searching the Forum since I did not find anything close to my Q ... and since I was not sure where to post this Q ... I posted it here ...

I came across an Article on MBAM Blog which kind of shocked me ... I thought PDF files were "Safe" well, I now know I was Wrong.

http://blog.malwarebytes.org/intelligence/2013/08/the-malware-archives-pdf-files/

So, here are my Questions ...

Q1: If I run a PDF file thru VirusTotal site and it comes out Clean ... should I assume it does NOT have Malicious Software embedded in it?

Q2: If I get a PDF file that might have Malicious Commands in it ... if I convert it via Calibre to another Format ... say a Text or an RTF or ePub or MOBI ... would these New Converted Formats be "Free" of the Original Malware?

Or would Opening the PDF in the Calibre program have infected my laptop already?

Q3: Can "Malware" be inserted into an ePub or MOBI file? Same as a PDF file? Or are these Formats Safer?

Thanks,

G! :)

Q1:

PDF files do NOT have Malicious Software embedded in them. PDF files carry exploit code. If the PC has the vulnerability that the PDF exploit targets then the PC downloads and executes malware.

If you submit a PDF to Virus Total and the file is not flagged, there is a very good chance it is NOT malicious.

Q2:

PDF files do NOT have Malicious "commands" in them. This points back to the answer to Q1. Since malicious PDF files have zero actual content, they should be just deleted. Legitimate PDF files with content do not become malicious. PDF files that are malicious are MADE to be malicious.

Q3:

Back to the answer to Q1. They would be exploits. However these file formats are rarely used in a vulnerability/exploitation vector.
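Added example, not part of the original thread or any poster's code: a static triage that complements the VirusTotal check discussed in Q1 by counting PDF name objects associated with active content, decoding `#xx` name escapes before comparing. The name list, the function names and the two sample byte strings are assumptions constructed for this illustration.

```python
import re

# PDF names that indicate active content or embedded payloads. A hit is a
# reason to look closer, not proof that the file is malicious.
SUSPECT_NAMES = ("/JS", "/JavaScript", "/OpenAction", "/AA",
                 "/Launch", "/EmbeddedFile", "/RichMedia", "/XFA")

# A PDF name is "/" followed by regular characters (no whitespace/delimiters).
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count suspect names in the raw bytes of a PDF.

    Names inside compressed object streams are not visible here, so a
    non-zero /ObjStm count means the result is incomplete.
    """
    counts = {name: 0 for name in SUSPECT_NAMES}
    counts["/ObjStm"] = 0
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def needs_review(counts: dict) -> bool:
    """True when any active-content name is present."""
    return any(counts[name] for name in SUSPECT_NAMES)

# Constructed samples: inert fragments for the demo, not complete PDFs.
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
ACTIVE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
          b"/OpenAction 3 0 R >>\nendobj\n"
          b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("active", ACTIVE)):
        result = triage_pdf(sample)
        hits = {k: v for k, v in result.items() if v}
        print(label, "needs review:", needs_review(result), hits)
```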

Hi David,

Thanks for taking the time to answer my Q's and straightening me out on "Exploits" ...

David, since you are pretty savvy on these things ... 2 more Q's if you would please

Q1: If you had to choose a Format or two that has "LESS" of a Chance for Exploits from these which one would you go for ...

Text, RTF, MOBI, ePub, PDF ...?

Q2: Let's say a PDF does have an "Exploit" in it, if I use Calibre and convert it to ePub or RTF or Text ... another format other than PDF ... will the Exploit be Removed from the New File?

Thanks for Your Help & Time!

G! :)

Q1:

What formats are used are dependent on what is the content. Take PDF and RTF.

PDF is a Published Format. That means the file is not an editable file.

RTF is a processing format. That means in that format the contents can be edited and changed.

Thus the intent of the document type drives the document format.

Q2:

I'll repeat my previous statement.

Since malicious PDF files have zero actual content, they should be just deleted. Legitimate PDF files with content do not become malicious. PDF files that are malicious are MADE to be malicious. Thus conversion to another format such as ePub or RTF is a moot point because there is no content to convert.

Please see the attached PDF. It shows the content of what was a malicious PDF and what it contains after the code was deobfuscated.
Banner.PDF analysis.pdf

NOTE: The PDF I posted is NOT malicious. It was created from graphical representations of the malicious code so there is actually no malicious code in that file.

  • 4 months later...

This thread is very interesting.

I have a doubt.

I wrote a book and sent it to a specialized editor that seems to have good references to prepare it in epub form.

I am sure this person is not a hacker trying to put some malware into this epub. But, of course I have no control over her computer which may use cracked editors or be full of viruses or whatever.

So my question is:

Is it possible that any malware infects my epub, even if the editor is not aware of it?

I am confused. I know that malware can automatically infect executable files. But epub? Is it theoretically possible?

"But, of course I have no control over her computer which may use cracked editors or be full of viruses or whatever."

a suggestion ...

if you have reason to doubt the integrity (and equipment) of your *publisher*, perhaps it would be best to find another that is more reputable.