Security firm Finjan reveals more cybercrime with PDFs

December 11, 2008


Security firm Finjan has released its "Web Security Trends Report Q4 2008" (N.B.: the report requires registration), findings from its Malicious Code Research Center, identifying and analyzing the latest trends in cybercrime.

The report details how cybercriminals' usage of PDF and Flash files is on the upswing as vehicles for distributing their malicious code and for infecting end-user PCs.

The report outlines the ubiquitous usage of PDFs by email and over the Web and states, "PDF as a cross platform file format is perceived as harmless incorrectly so."

Finjan's report said that cybercriminals are capitalizing on the number of Adobe Readers installed on PCs, and notes, "Since cybercriminals are well aware that most of us have Adobe Readers installed on our PCs, they also know that the added scripting support offers another way to exploit our PCs to install their crimeware."

Finjan also said the popularity of crimeware toolkits has further increased the risk of PDF cybercrime, noting, "We at Finjan found that many of those toolkits now include a new component that dynamically creates malicious PDF files to infect corporate PCs with crimeware."

Versions 1.4 and beyond of the PDF format incorporate script capabilities, which create more security risks for the file.

The report notes that in November and December of 2008, Finjan's Malicious Code Research Center had identified two PDF vulnerabilities: the collectmailinfo vulnerability and the util.printf vulnerability. Both are buffer overflow weaknesses and can be exploited with the same techniques used for browser-based exploitation. Adobe has released security fixes for both vulnerabilities, but at issue is the number of PDF users that have yet to update their PDF readers, according to Finjan.

The report recommends users maintain both their Web and email content filtering while using PDF files and notes, "Since malicious PDF files are created dynamically, Anti-Virus signatures are limited in inspecting PDF files in real-time and for detecting suspicious computer operations used by these files to exploit known vulnerabilities." The report also recommends the usage of active real-time content inspection software that can inspect PDF scripts in real-time to find malicious code without signatures.
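The kind of signature-free inspection recommended above can start with a structural check for script-bearing keys. The following is an added example, not code from Finjan's report or any product: the function names and the `SAMPLE` bytes are constructed for illustration, and it handles only the two common evasions of `#xx` name escapes and Flate-compressed streams.

```python
import re
import zlib

# PDF dictionary keys that carry script or run an action automatically.
SCRIPT_KEYS = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA")
# Acrobat JavaScript calls named in the article; spelling variants tolerated.
NAMED_CALLS = re.compile(rb"util\.printf|collecte?mailinfo", re.I)
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_names(data):
    """Undo #xx escapes so a name written /J#61vaScript reads /JavaScript."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def stream_bodies(data):
    """Yield every stream body, inflated when it is Flate (zlib) data."""
    for match in STREAM.finditer(data):
        raw = match.group(1)
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw


def triage(data):
    """Return script-related key counts and named calls found in a PDF."""
    structure = decode_names(STREAM.sub(b"", data))
    keys = {}
    for key in SCRIPT_KEYS:
        # (?![A-Za-z0-9]) stops /JS from matching inside a longer name
        hits = re.findall(re.escape(key) + rb"(?![A-Za-z0-9])", structure)
        if hits:
            keys[key.decode()] = len(hits)
    calls = set()
    for text in (structure, *stream_bodies(data)):
        calls.update(m.group(0).decode().lower() for m in NAMED_CALLS.finditer(text))
    return {"keys": keys, "calls": sorted(calls)}


# Constructed sample: a script action with an obfuscated name and Flate stream.
SAMPLE = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b'util.printf("%d", 1);')
    + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hit means the file carries script that deserves closer inspection, not that it is malicious; many legitimate forms use JavaScript.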

For more information and to see the full report you can go here.
