PDF Security - Malicious attacks increase during April 2013
Corporate and home users should avoid suspicious PDF documents as well as ensuring they use the latest version of PDF software. For example, Adobe Reader XI (11.0.02) now offers sandbox security controls, protected mode processing, and other security controls not found in earlier versions.
QUOTE: Throughout 2012, we saw a wide variety of APT campaigns leverage an exploit in Microsoft Word (CVE-2012-0158). This represented a shift, as previously CVE-2010-3333 was the most commonly used Word vulnerability. While we continue to see CVE-2012-0158 in heavy use, we have noticed increasing use of an exploit for Adobe Reader (CVE-2013-0640) that was made infamous by the “MiniDuke” campaign. The malware dropped by these malicious PDFs is not associated with MiniDuke, but it is associated with ongoing APT campaigns.
Our research indicates that attackers engaged in APT campaigns may have adapted the exploit made infamous by the MiniDuke campaign and have incorporated it into their arsenal. At the same time, we have found that other APT campaigns seem to have developed their own methods to exploit the same vulnerability. The increase in malicious PDF’s exploiting CVE-2013-0640 may indicate the start of shift in APT attacker behavior away from using malicious Word documents that exploit the now quite old CVE-2012-0158.