What Happens If You Visualize a Malicious PDF?

Discussion created by RSA Admin Employee on Jan 29, 2013
Latest reply on Feb 7, 2013 by RSA Admin

The Informer's Visualize service uses Microsoft Silverlight to display documents as images. So when people encounter a malicious PDF document that contains exploit code, many get worried that they might be exploited themselves. There is no exploit, but the PDF actually stands out amongst a cluster of normal documents. Check out the screenshot:

 

[Screenshot]

 

What makes this document stand out is the gibberish on the page. This document was extracted when someone visited a malicious website, hit malicious JavaScript and got redirected to this document. In a collection of 75 PDFs, this stands out pretty well due to its malformation. Not every malicious PDF document will reconstruct well in Visualize, but when they do, it makes them pretty easy to spot.
