PDF attacks skyrocket, says Symantec

21 April 2010

Web-based attackers are increasingly targeting PDF files to compromise machines online, according to new figures released by Symantec. In the April version of its Internet Security Threat Report, the company revealed that half of all Web-based attacks in 2009 targeted PDF files, compared to just one in 10 attacks reported the previous year.

"Specifically, this attack consists of attempts by attackers to distribute malicious PDF content to victims through the web," the report from Symantec said. "The attack is not directly related to any specific vulnerability, although the contents of the malicious PDF file would be designed to exploit arbitrary vulnerabilities in applications that are able to process PDFs."

Mark Fossi, executive editor for the Internet Security Threat Report and manager of security response at Symantec, said that the popularity of PDFs as an attack vector stems from the fact that it is an open file format, making it easier to attack multiple software plug-ins and readers. "There are more applications out there that are capable of rendering PDFs, whereas it used to be just an Adobe product." Just this month, Foxit Software had to patch its own PDF reader software in an attempt to make it easier to spot an as-yet unsolved exploit targeting the underlying design of the portable document format.

Brazil has become an increasingly pervasive source of online threats, thanks to increasing broadband penetration in the region, according to the report, which saw Brazil topple Germany from its long-held third place for overall malicious activity by country. Germany is now in fourth place, with 5% of malicious activity, compared to Brazil, with 6%. The US and China still top the charts, however, with 19% and 8%, respectively.

"Germany didn't move to fourth place because of declining activity in that country," pointed out Fossi. "Activity is rising in general."

Brazil ranked first, as it did last year, when it came to spam zombies, indicating that it is mainly consumer machines that are being compromised and then used as conduits for malicious activity by online criminals. It also ranks third in terms of bots (which are closely linked to spam zombies), but came a poor 12th in terms of phishing hosts, further supporting the view that increased broadband penetration of the consumer market is a major cause for the rise in Brazil's malicious profile.

However, this is not the only major cause, according to the report. "Brazil's rise as a source of malicious activity to third place in 2009 was mainly due to a significant increase in its ranking for malicious code, for which it rose up to fifth in 2009 from 16th in 2008," said the document, suggesting that the Downadup worm, also known as Conficker, had been particularly successful in Brazil, ranking fourth in terms of infected countries.

"One explanation for the success of Downadup in Brazil is that it is able to specifically target certain regions based on the identification of the language setting of the computer, one of which was 'Portuguese (Brazilian)'," it said.

Conficker is also a cause for concern. Although press coverage of the worm has died down, there are still around 6.5 million infected machines globally, according to the report. Although they have not yet been used for any significant criminal activity, the threat remains a viable one.

Symantec identified twice as many distinct new malicious programs as it had done in 2008, the report noted, adding that web-based attacks continue to grow. Compromised identity information continues to increase, with 60% of all data breaches that exposed identities happening as a result of hacking. Spam made up 88% of all email observed by Symantec.

 
