Security - Channel Insider

Pretty Dangerous Format: The Rising Trend of PDF Attacks

By Ericka Chickowski on 2010-06-03



Once considered one of the safest attachments around, the PDF format is becoming a fan favorite among cybercriminals looking to spread their malcode, infect machines and beef up their botnets. We take a look at new data that shows just how dangerous the PDF format has become, how hackers are using malicious PDFs to perpetrate attacks and what you can do to protect against them.

Malicious hackers use the PDF file format's extended features against users by modifying PDF files in order to use them as attack tools that exploit vulnerabilities in the Adobe products that read the files.

According to Symantec's Internet Security Threat Report, researchers at the company estimated that 49 percent of all web-based attacks in 2009 used infected PDF files to propagate.

McAfee says that in 2007 and 2008, only 2 percent of all malware exploited vulnerabilities in Adobe Reader or Adobe Acrobat.

In 2009, the percent of malware exploiting Reader and Acrobat vulnerabilities jumped to 17 percent.

And in the first quarter of 2010, McAfee researchers say the number jumped up to 28 percent.

Meanwhile, security researchers at F-Secure said that among the 900 targeted attacks it found during the first two months of 2010, 61 percent exploited Reader vulnerabilities.

Last month Trend Micro highlighted one example of how a recent malicious PDF worked, alerting users that hackers embed malicious objects that exploit Adobe buffer overflow and TIFF vulnerabilities.

That exploit then allows the Trojan to connect to malicious URLs in order to download more damaging files on the machine to continue the attack.

Meanwhile, numerous security researchers last month warned that crooks are taking advantage of a design flaw in the "/Launch" feature in PDFs to develop new attacks.

The feature allows PDFs to execute code using the "/Launch" command. Hackers can create a malicious PDF that launches CMD.EXE in order to create malicious scripts that attack the system.

You can help mitigate the risk of PDF attacks through the following steps:

• Keep Systems Patched
• Harden Configurations To Disallow Unnecessary Features
• Keep Security Systems Updated
• Train The Users

Keep Systems Patched

Many PDF attacks take advantage of vulnerabilities for which Adobe has already released patches--including the ones Trend Micro warned about.

Harden Configurations to Disallow Unnecessary Features

Some vulnerabilities--such as the "/Launch" design flaw--still remain unpatched. However, partners can help customers mitigate risk by configuring systems to block such features for better protection.
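A triage check for the "/Launch" feature described above, as an added example that is not part of the original article: it counts "/Launch" and related action keys in a PDF, including names written with #xx hex escapes and names inside Flate-compressed streams. The key list beyond /Launch, the function names and the sample fragment are assumptions of this example.

```python
import re
import zlib

# Keys flagged at triage: /Launch is the feature discussed above; the other
# names are this example's choice of auto-run and scripting keys.
RISKY_NAMES = {"Launch", "OpenAction", "AA", "JavaScript", "JS"}
NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes in a PDF name, so L#61unch reads as Launch."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def count_names(data: bytes, counts: dict) -> None:
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in RISKY_NAMES:
            counts[name] = counts.get(name, 0) + 1


def scan_pdf(data: bytes) -> dict:
    """Count risky names outside streams and inside Flate-compressed streams."""
    counts = {}
    count_names(STREAM_RE.sub(b"", data), counts)
    for m in STREAM_RE.finditer(data):
        try:
            # Cap the output so a decompression bomb cannot exhaust memory.
            inflated = zlib.decompressobj().decompress(m.group(1), 10_000_000)
        except zlib.error:
            continue  # not Flate data (other filter, encrypted, corrupt)
        count_names(inflated, counts)
    return counts


# Constructed, non-functional PDF fragment: one action with a hex-escaped
# name in the clear, one action hidden inside a compressed stream.
HIDDEN = zlib.compress(b"<< /OpenAction << /S /Launch /F (placeholder) >> >>")
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /S /L#61unch /F (placeholder) >>\nendobj\n"
          b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + HIDDEN +
          b"\nendstream\nendobj\n")

if __name__ == "__main__":
    print(scan_pdf(SAMPLE))
```

A nonzero count marks an attachment for quarantine or closer inspection; encrypted files and streams using filters other than Flate are not decoded by this check.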

Keep Security Systems Updated

Always make sure your customers' threat protection systems are continuously updated--security vendors try to stay on top of the most recent PDF threats.

Train the Users

Many PDF attacks can be stopped dead in their tracks if users simply choose not to open errant spam attachments.
