PDF Exploits - A Hot Trend That’s Getting Worse
PDF Exploits - What You Don’t Know Can Hurt You
In a previous post, I referenced Symantec’s Internet Security Report 2010 finding that PDF exploits were sharply on the rise in 2009. Recently, there have been alarming reports of new PDF exploits that are of a particularly malicious nature. What is also noteworthy is that they use new techniques and strategies to accomplish their tasks.
- Security research at McAfee reports that these exploits are continuing to increase in 2010.
- Additionally, according to McAfee Labs, only 2% of all malware took advantage of Adobe Reader/Acrobat in 2007 and 2008. In 2009, that figure increased to 17%, and it reached 28% in the first quarter of 2010.
- Microsoft has stated that 46% of browser exploits, in the latter half of 2009, were directed toward Adobe’s free PDF viewer.
The TrendLabs Malware Blog identified a PDF that contained exploits for two security holes that had previously been patched. This is a continuing trend with hackers and programmers on the dark side. They work to exploit existing weaknesses in any application or entry point.
First though, current Adobe software provides protection against this particular exploit.
This PDF exploit involves an embedded XML file which contains a malicious TIFF file. This file then downloads existing malware off the net and executes it.
There is also a separate PDF exploit that uses the ‘/Launch’ capability: when the PDF is opened and the prompt is confirmed, it executes a malicious embedded file. The PDF itself uses a variant of the ‘Launch’ command, and while a dialog box is opened, either choice that is made results in malicious activity.
M86 Security Labs recently reported an infected PDF also taking advantage of the “Launch” feature. In that case, the installed malware was identified as the data-stealing bot Zeus, which has not been observed in this type of PDF exploit before.
So far, Adobe has yet to respond with a fix for this situation.
The “Launch” PDF exploit has been seen in spam message attachments. So, as you should know, it is never advisable to open attachments from unknown senders. If you have any suspicions at all, the conservative action is to leave the attachment unopened.
It’s also very highly recommended to keep all security-related applications up to date, and especially Adobe’s software if you use it.
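For anyone screening attachments before they reach a reader, the '/Launch' and embedded-file behaviour described above can be checked statically. The following is an added example, not code from any of the vendors mentioned; the key list, the function names, and the mapping of the "embedded XML file" to the /XFA key are assumptions of this sketch.

```python
import re

# Name keys a mail gateway or analyst might flag before a PDF is opened.
# Mapping the post's "embedded XML file" to /XFA is an assumption of this example.
SUSPICIOUS = {
    b"/Launch": "launch action (runs a program or embedded file)",
    b"/EmbeddedFile": "embedded file stream",
    b"/XFA": "XML form data (can carry images such as TIFF)",
    b"/OpenAction": "action triggered when the document opens",
}

# A PDF name: "/" followed by any run of non-whitespace, non-delimiter bytes.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> bytes:
    """Decode #xx escapes so /L#61unch compares equal to /Launch."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage_pdf(data: bytes) -> dict:
    """Count suspicious name keys in raw PDF bytes.

    Limitation: names inside compressed object streams are not visible
    without inflating those streams first.
    """
    counts = {key: 0 for key in SUSPICIOUS}
    for match in _NAME.finditer(data):
        name = normalize_name(match.group(0))
        if name in counts:  # exact match only, so /LaunchPad is ignored
            counts[name] += 1
    return {k.decode(): v for k, v in counts.items() if v}


# Constructed sample: a harmless fragment shaped like a launch-action PDF.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /L#61unch /F (placeholder.txt) >> endobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for key, hits in triage_pdf(SAMPLE).items():
        print(f"{key}: {hits} ({SUSPICIOUS[key.encode()]})")
```

A hit is a reason to quarantine or inspect the file further, not proof of malice, since legitimate documents also use open actions and embedded files.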