
Surrounded by Malicious PDFs

Malicious PDF files and related exploits are invading the Net. Looking at the CVE records in the National Vulnerability Database for Adobe products, we see a dramatic increase in 2009.

Since January 1, Adobe vulnerabilities have continued to appear. During this period, five are classified as medium, while about 30 are judged high-level threats.

Now we find the Zeus botnet is also taking advantage of a PDF flaw. This vulnerability, along with about 15 others, is now covered by the recent patch (ABSB10-09).

In 2007 and at the beginning of 2008 most of the exploit samples in our malware collections were linked to HTML/iframe, WMF, or DCOM vulnerabilities.

Today, malware involving malformed PDF files is legion. From less than 2 percent of malware directly connected to exploits in 2007 and 2008, they have reached 17 percent in 2009 and 28 percent during the first quarter of 2010. For Adobe Reader software, 2010 seems to be the year of living dangerously.

View full post on McAfee Avert Labs
