Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

PDF files most trusted...and most targeted

A new report from MessageLabs shows that PDF files are a common and growing attack vector for malicious exploits.

PDF files are one of the most common, and most trusted document formats out there. However, that trust, combined with the cross-platform use of PDFs makes the Adobe file format one of the most targeted and exploited by malicious attacks as well.

Symantec's MessageLabs has released the February 2011 Intelligence Report. The report details a variety of threats, including the ZeuS and SpyEye botnets, the rise in spam and phishing attacks, and an increase in malicious websites. But, one of the things that stands out is how PDF files are such a common, and growing target for malicious attacks.

Adobe has become a popular target for malware and malicious exploits. Adobe Reader, Adobe Flash, and other relatively ubiquitous Adobe products represent low-hanging fruit providing malicious developers with vulnerabilities to take advantage of.

In 2010, 65 percent of targeted attacks used PDF file exploits. The inherent--albeit unfounded--trust that users seem to place in PDF files makes the file format a prime vector for delivering malware and compromising PCs. If the trend continues, PDF-based attacks will account for more than three quarters of targeted attacks by the middle of 2011.

The MessageLabs report explains, "For years, PDFs have been used to stage targeted and now non-targeted attacks, but many people still consider PDFs a relatively trusted file type. In fact, the PDF is one of the most commonly used file formats with which to exchange electronic documents."

The report continues, "However, PDFs are potentially one of the most dangerous file formats available and should be treated with caution, much as EXE files should be. Because it is significantly easier to generate legitimate and concealed malicious content with PDFs, they are much more dangerous than EXEs."

Don't abandon the PDF file format, but also don't place undue trust or confidence in it. Malicious attackers will prey on that trust. Also, make sure you keep Adobe Reader up to date to take advantage of new security controls introduced by Adobe, and ensure that any known vulnerabilities are patched.

It is some sort of poetic irony, I suppose, that the February 2011 Intelligence Report is in PDF format itself. Seems like a bizarre paradox for the security report alerting me to the dangers of PDF files to be distributed as a PDF file.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Adobe, MessageLabs, Symantec
References show all

Comments

1

Pharma765

Sun 08/04/2012 - 08:04

Hello! cbbcega interesting cbbcega site! I'm really like it! Very, very cbbcega good!

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: antispam, malware, phishing, security, spam, symantec, viruses
Latest Blog Posts
Whitepapers
  • OVUM Report: Governance Risk and Compliance-- GRC usage and buying trends in the ANZ markets
    The existence of an established and stable governance risk and compliance strategy is extremely important to public and private sector organisations as they strive to meet an evergrowing range of regulatory demands. Given the current constraints, it is one of the few areas where the vast majority of organisations intend to either maintain or in many cases increase spending. Read more.
    Learn more »
  • 8 reasons why Citrix NetScaler beats the competition
    Application delivery controllers (ADC) are one of the most critical elements of cloud infrastructures and enterprise data centre architectures. ADCs strongly impact performance, scale and security of the entire application environment, so it is extremely important for IT leaders to choose the right one.
    Learn more »
  • Lower Your IT Costs When You Standardize on Oracle Database 11g
    As business operations become more complex, the demand for change in IT increases, along with the associated risks that must be mitigated. Today’s IT professionals are asked to manage more information and deliver it to their users in a timely manner with ever-increasing quality of service. And in today’s economic climate, IT must also reduce budgets and derive greater value out of existing investments.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments