Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Malicious PDF files - Grow in sophistication and volume

PDF files are becoming a key vehicle for malicious attacks, as documented in these four informative articles. Attacks are increasing in both volume and complexity.

AVERT Labs - Surrounded by Malicious PDFs
http://www.avertlabs.com/research/blog/index.php/2010/04/26/surrounded-by-malicious-pdfs/

QUOTE: Malicious PDF files and related exploits are invading the Net. Looking at the CVE records in the National Vulnerability Database for Adobe products, we see a dramatic increase in 2009. Today malware involving malformed PDF files are legion. From less than 2 percent of malware directly connected to exploits in 2007 and 2008, they have reached 17 percent in 2009 and 28 percent during the first quarter of 2010.

Trend - PDF Exploit Becomes a Little More Sophisticated
http://blog.trendmicro.com/pdf-exploit-becomes-a-little-sophisticated/

QUOTE: PDF files—or their inherent features—have been used by cybercriminals in some of the most noteworthy attacks we have encountered. Modified versions of this file type have been especially notorious these past few months since they are capable of attacking user systems by initially exploiting inherent vulnerabilities found in Adobe Reader and Acrobat.

Sunbelt - PDF file with a malicious downloader agent embedded
http://sunbeltblog.blogspot.com/2010/04/using-pdf-file-as-downloader.html

QUOTE: It uses a script in a PDF file to install a back door that starts up whenever Internet Explorer is launched. The infected svchost.exe file that it drops has been around for a while, but using a malicious PDF file to drop it is the interesting new twist. We’ve seen other reports of similar malware out there today.

Sophos - Postal Theme PDF SPAM
http://www.sophos.com/blogs/sophoslabs/?p=9413

QUOTE: The Bredo malware-spammers are back, and they’ve been reading about how to run executable files from a PDF using /Launch, a trick we’d already started to see used by malware. This latest spam campaign uses this technique (it’s not really exploiting a vulnerability as such, since PDFs were specifically designed to be able to do this) in a slightly modified format.
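
For defenders, the /Launch and embedded-script techniques described in the articles above can be triaged by looking for the corresponding name keys in a PDF's raw bytes. The Python script below is an added example, not code from this post or the linked articles; it also decodes #xx name escapes, one way a key can appear in a modified form. The function names and the sample bytes are constructed for illustration.

```python
import re

# Name keys worth triaging: /Launch starts an external program, /JS and
# /JavaScript carry script, /OpenAction and /AA trigger automatically,
# /EmbeddedFile marks an attachment.
SUSPICIOUS = ("Launch", "JavaScript", "JS", "OpenAction", "AA", "EmbeddedFile")

# A PDF name is "/" followed by any bytes except whitespace and delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /L#61unch compares equal to /Launch."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count suspicious name keys in raw PDF bytes.

    Triage only: keys inside compressed streams are not visible here, and a
    key-like string inside literal text can produce a false positive.
    """
    counts = {key: 0 for key in SUSPICIOUS}
    obfuscated = set()
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:          # key was written with hex escapes
                obfuscated.add(name)
    flag = counts["Launch"] > 0 or counts["JS"] + counts["JavaScript"] > 0
    return {"counts": counts, "obfuscated": sorted(obfuscated), "flag": flag}

# Constructed sample fragments (not complete, openable PDF files).
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /Type /Action /S /L#61unch >>\nendobj\n")
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
    print(triage_pdf(BENIGN))
```

A file flagged this way warrants closer inspection in an isolated environment; an unflagged file is not thereby shown to be clean.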