Didier Stevens

Wednesday 20 May 2009

Download My Hakin9 Article “Anatomy of Malicious PDF Documents”

Filed under: Malware,PDF — Didier Stevens @ 18:21

Hakin9 has released my article “Anatomy of Malicious PDF Documents” from their latest issue. Get it here in exchange for an e-mail address.



  1. Thanks for trying to share this PDF document. Unfortunately,
    the link to the hackin9.org site is down. 404 errors.

    Comment by alerter — Sunday 24 May 2009 @ 9:41

  2. I’ll tell the Hakin9 girls.

    Comment by Didier Stevens — Sunday 24 May 2009 @ 15:47

  3. I read the article a while ago. Nice effort put on to explain stuff 😉

    Comment by webDEViL — Sunday 31 May 2009 @ 14:59

  4. Did anybody else read that as “Anatomy of Delicious PDF Documents”?

    Comment by john — Tuesday 16 June 2009 @ 18:39

  5. I consult for a company that gets targeted by these malicious pdfs a lot. I downloaded your pdf tools and they are awesome. I noticed in one of the infected pdf files that there are references to http://www.pdf-repair.com as the “creator” and the “producer”. That software is supposedly used to fix corrupted pdf files. Would they be using that to make it easier to craft their exploited pdf files?? Thanks for your input.


    Comment by Matt Brussock — Wednesday 17 June 2009 @ 0:09

  6. It could just be that they used pdf-repair because their PDF got corrupted…

    Comment by Didier Stevens — Saturday 27 June 2009 @ 22:02

  7. Hello Didier,
    I have only recently discovered your blog and I think that it is wonderful! :)

    I was able to find a copy of the Anatomy of Malicious PDF Documents article on the web which I really enjoyed reading. I was unable to download any magazines or other material from the Hakin9 web site.

    I am particularly interested in reading the follow-up article which covers how to use your PDF tools. This was published in the 06/2009 issue: Windows FE Forensic Live CD.

    The trouble is I am unable to download it. I tried clicking on the link to download the pdf, then entering my email address to subscribe to the newsletter.

    Then clicking on the link to confirm my email and to activate my subscription has no effect. I’m still prompted for a subscription email address when I try to download the magazine.

    I would be very grateful if you or indeed anyone else could forward me a link to this article please.

    Thank you,

    Comment by Robert — Friday 18 June 2010 @ 11:14

  8. @Robert The article is still available, but on another page: http://hakin9.org/magazine/article

    Comment by Didier Stevens — Sunday 20 June 2010 @ 18:55

  9. […] of the simpler constructions are rather trivial, and are described well in Didier Stevens blog “Anatomy of malicious PDF documents”, however it can get much more complex when things like Filters are […]

    Pingback by Empty PDF delivers nothing but pain | Naked Security — Sunday 17 October 2010 @ 19:56
