PDF exploits explode, climb in 2010

Exploits of Adobe's PDF format jumped dramatically last year, and continue to climb during 2010, a McAfee security researcher said.

. What's this?

By Gregg Keizer

April 29, 2010Computerworld

Exploits of Adobe's PDF format jumped dramatically last year, and continue to climb during 2010, a McAfee security researcher said Wednesday.

Microsoft , meanwhile, recently said that more than 46% of the browser -based exploits during the second half of 2009 were aimed at vulnerabilities in Adobe's free Reader PDF viewer.

According to Toralv Dirro, a security strategist with McAfee Labs, the percentage of exploitative malware targeting PDF vulnerabilities has skyrocketed. In 2007 and 2008, only 2% of all malware that included a vulnerability exploit leveraged an Adobe Reader or Acrobat bug. The number jumped to 17% in 2009, and to 28% during the first quarter of 2010.

"In the last three years, attackers have found PDF vulnerabilities more and more useful, for a couple of reasons," Dirro said. "First of all, it's increasingly difficult for them to find new vulnerabilities with the operating system and within browsers that they can exploit across the different versions of Windows. And second, Reader is one of the most widely deployed applications that allows files to be accessed or opened within the browser."

Other factors for the jump in PDF exploits, argued Dirro, range from user belief that PDFs are safe to open, or at least safer to open than Microsoft Office documents, to the age of Adobe's code. "Quite a lot of PDF code was written years ago, and attackers are finding new security problems that no one thought of then," Dirro said. "That makes it difficult for Adobe to clean it up."

A recent discovery illustrated Dirro's point. Earlier this month, Belgium researcher Didier Stevens demonstrated how malicious PDFs could use a by-designed feature of the PDF specification to run attack code hidden in the file, and how to modify a warning message that Adobe Reader displays to further trick users into opening the document. Although some of what Stevens revealed has been publicly known for at least eight months, the technique has only been picked up by hackers in the last several weeks.

A major malware campaign using Stevens' tactics began Tuesday, with malicious PDFs attached to messages masquerading as instructions from companies' network administrators.

Microsoft also recently reported that PDF exploits remains a potent part of hackers' arsenals. In its newest Security Intelligence Report , Microsoft said that nearly half of all browser-based exploits in the second half of 2009 targeted Adobe's Reader. Three Reader vulnerabilities -- which were patched in May 2008, November 2008 and March 2009 -- accounted for more than 46% of all browser attacks.

Originally published on www.computerworld.com. Click here to read the original story.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER