Today I wrote a simple program that scans PDF files and detects the malicious ones.
- 7 malicious PDFs downloaded from malwaredomainlist.com and mdl.paretologic.com
- 493 good PDFs downloaded from a reputable source
Here are the results shown in this YouTube video:
I will try to collect more files to make sure the results stay the same, but so far it [...]
View full post on Malware Diaries
Posted on 09 June 2010. Tags: detecting, Malicious, PDFs, Scanner