Friday, September 26, 2008

Beware of PDFs?


The Portable Document Format (PDF) is perhaps the most used way to share or distribute documents on the internet, because it provides portability, security and authoritativeness for documents, right? You might be surprised to read that Acrobat Reader is perhaps the most downloaded and used application among internet users. The reason? It's free, popular and ultra light (not by "weight", but by performance and resource consumption).

Secure Computing’s Anti-Malware Research Labs spotted a new and as yet unknown exploit toolkit which exclusively targets Adobe’s PDF format! This new toolkit targets only PDFs; no other exploits are used to leverage vulnerabilities. Typical functions, like caching the already infected users, are deployed by this toolkit on the server side. Whenever a malicious PDF exploit is successfully delivered, the victim’s IP address is remembered for a certain period of time. During this “ban time” the exploit is not delivered to that IP again, which is another burden for incident handling.

Malware spreaders have had this kind of exploit in their arsenal of malicious weapons for some time already. The “Tibs” group of malware, for example, is known for planting malicious IFRAMEs onto infected legitimate web sites and having them refer back to their exploit servers. Dissecting the shellcode shows that the payload of the exploits tries to load more malware, and the different number per exploit appears to be a kind of affiliation ID used to keep statistics and track their different malware campaigns.

But Secure Anti-Malware customers are protected, since such PDF exploits are blocked proactively as “Script.Shellcode.Gen”! And don’t forget to not only patch the latest operating system and browser vulnerabilities, but also keep an eye on third-party browser plugins like Adobe Reader, Flash Player and QuickTime.
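The “ban time” behaviour described above leaves a trace a responder can look for in web proxy logs: a client receives a PDF from a URL once, and a repeat request for the same URL gets something else. The following is an added example, not code from Secure Computing or the original post; the log format, hostnames and addresses are constructed, and it assumes the proxy records status and content type.

```python
from collections import defaultdict

# Constructed proxy log (not from the original post). Fields:
# epoch_seconds client_ip host path status content_type
SAMPLE_LOG = """\
1222400000 10.0.0.5 ads.example.test /doc.pdf 200 application/pdf
1222400090 10.0.0.5 ads.example.test /doc.pdf 404 text/html
1222400100 10.0.0.7 ads.example.test /doc.pdf 200 application/pdf
1222400200 10.0.0.9 docs.example.test /manual.pdf 200 application/pdf
1222400300 10.0.0.9 docs.example.test /manual.pdf 200 application/pdf
"""

def parse(log_text):
    """Yield (ts, client, url, is_pdf) for each non-empty log line."""
    for line in log_text.splitlines():
        if line.strip():
            ts, client, host, path, status, ctype = line.split()
            yield int(ts), client, host + path, (status == "200" and ctype == "application/pdf")

def find_serve_once(log_text):
    """Find clients that got a PDF from a URL, then something else on a repeat."""
    history = defaultdict(list)
    for ts, client, url, is_pdf in parse(log_text):
        history[(client, url)].append((ts, is_pdf))
    findings = []
    for (client, url), events in history.items():
        first_pdf = None
        for ts, is_pdf in sorted(events):
            if is_pdf and first_pdf is None:
                first_pdf = ts          # first time this client got the PDF
            elif first_pdf is not None and not is_pdf:
                findings.append((client, url, first_pdf, ts))
                break                   # one finding per client/URL is enough
    return sorted(findings)

def exposed_clients(log_text, urls):
    """Every client that received a PDF from a flagged URL, repeat visit or not."""
    return sorted({c for _, c, u, is_pdf in parse(log_text) if is_pdf and u in urls})

if __name__ == "__main__":
    hits = find_serve_once(SAMPLE_LOG)
    for client, url, first, repeat in hits:
        print(f"{url}: PDF to {client} at {first}, different response at {repeat}")
    print("also exposed:", exposed_clients(SAMPLE_LOG, {u for _, u, _, _ in hits}))
```

A removed or moved file on a legitimate site produces the same pattern, so a hit is a lead for review. Because a re-fetch from an already-seen address will not reproduce the delivery, the copy worth analysing is the one the proxy or the endpoint already holds.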

Better be careful out there ...

Njoy ...

