Malicious PDFs have become familiar features on the threat landscape, in no small part due to the popularity and ubiquity of Adobe Reader and Acrobat.
In a new report, researchers at Symantec took a deep look at how malicious PDF attacks hit users. According to Symantec, in the span of a year, the United States was the favored country to attack with PDF malware. In January, 59 percent occurred in the U.S., researchers found.
“Attackers use a variety of different channels to deliver malicious PDF files,” according to the report. “The threat landscape is dominated by three main channels, which are mass-mailing, drive-by downloads, and targeted attacks.”
Attackers sometimes pack junk parts into the malicious files in order to throw off antivirus software, Symantec found. Others times, they take advantage of Adobe Systems’ support for encryption to protect PDF documents. Malware authors use this feature to protect malicious content from being scanned by antivirus engines. There have also been examples of malicious JavaScript being broken into multiple small chunks of data and then concatenated together.
“We have seen an ever increasing use of PDFs for malicious purposes over the past two years,” blogged Fred Gutierrez, threat analyst for Symantec Security Response, who co-authored the report. “During this time, we have tracked the growth and usage and have been constantly improving our detections to handle the different evolutions of these threats. We see new vulnerabilities related to PDF readers discovered on a regular basis, often being exploited in-the-wild before a patch is available.”
The report can be downloaded here (PDF).