Wednesday, January 5, 2011

Portable Document Format Malware

Symantec continues to observe a large amount of malware that exploits PDF vulnerabilities. We see samples using old vulnerabilities, even though those vulnerabilities were found over two years ago and have already been patched. One reason such samples are used is that techniques exist to avoid antivirus detection by taking advantage of the PDF specifications. Symantec has been and continues to be on the lookout for PDF malware in order to create signatures that detect it.

A few weeks ago I presented a paper at AVAR 2010 discussing PDF malware that takes advantage of the PDF specifications and the implementation of PDF viewer applications to hide itself.

This paper shows concrete examples of detection avoidance from the point of view of PDF and JavaScript. We hope that knowing your enemy as you know yourself helps your defenses. With this objective we present the whitepaper on Portable Document Format Malware.
