Security firm Finjan reveals more cybercrime with PDFs

Security firm Finjan has released its ‘Web Security Trends Report Q4 2008’ (N.B.: the report requires registration), findings from its Malicious Code Research Center, identifying and analyzing the latest trends in cybercrime.

The report details how cybercriminals are increasingly using PDF and Flash files as vehicles for distributing their malicious code and for infecting end-user PCs.

The report outlines the ubiquitous usage of PDFs by email and over the Web and states, ‘PDF as a cross platform file format is perceived as harmless – incorrectly so.’

Finjan’s report said that cybercriminals are capitalizing on the number of Adobe Reader installations on PCs, and notes, ‘Since cybercriminals are well aware that most of us have Adobe Readers installed on our PCs, they also know that the added scripting support offers another way to exploit our PCs to install their crimeware.’

Finjan also said the popularity of crimeware toolkits has further increased the risk of PDF cybercrime, noting, ‘We at Finjan found that many of those toolkits now include a new component that dynamically creates malicious PDF files to infect corporate PCs with crimeware.’

Versions 1.4 and beyond of the PDF format incorporate scripting capabilities, which introduce additional security risks.

The report notes that in November and December of 2008, Finjan’s Malicious Code Research Center identified two PDF vulnerabilities: the collectmailinfo vulnerability and the util.printf vulnerability. Both are buffer overflow weaknesses and can be exploited with the same techniques used for browser-based exploitation. Adobe has released security fixes for both vulnerabilities, but at issue is the number of PDF users who have yet to update their PDF readers, according to Finjan.

The report recommends that users maintain both Web and email content filtering when handling PDF files and notes, ‘Since malicious PDF files are created dynamically, Anti-Virus signatures are limited in inspecting PDF files in real-time and for detecting suspicious computer operations used by these files to exploit known vulnerabilities.’ The report also recommends the use of active real-time content inspection software that can inspect PDF scripts to find malicious code without signatures.
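A minimal form of the script inspection recommended above is static triage for active content. The following Python sketch is an added example, not code from Finjan's report or products; it assumes the standard PDF keys `/JavaScript`, `/JS`, `/OpenAction` and `/AA`, and takes the article's "collectmailinfo" to mean the Acrobat JavaScript method `Collab.collectEmailInfo`.

```python
import re
import zlib

# Keys that make a PDF carry script or act on open (names from the PDF specification).
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA")
# Acrobat JavaScript methods assumed to be the two the article names.
WATCHED_CALLS = (b"util.printf", b"collectEmailInfo")

def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in name tokens, so /J#61vaScript reads /JavaScript."""
    def fix(m):
        return re.sub(rb"#([0-9A-Fa-f]{2})",
                      lambda h: bytes([int(h.group(1), 16)]), m.group(0))
    return re.sub(rb"/[^\s/<>\[\]()]+", fix, data)

def inflate_streams(data: bytes) -> bytes:
    """Return the inflated bodies of Flate-compressed streams; skip the rest."""
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.S):
        try:
            # decompressobj tolerates the newline left before 'endstream'
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate, or damaged: left for a fuller parser
    return b"\n".join(out)

def triage_pdf(data: bytes) -> dict:
    """Count active-content keys and watched calls in one PDF's bytes."""
    if not data.lstrip().startswith(b"%PDF-"):
        raise ValueError("not a PDF")
    body = decode_names(data) + b"\n" + decode_names(inflate_streams(data))
    keys = {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z])", body))
            for k in ACTIVE_KEYS}
    calls = {c.decode(): body.count(c) for c in WATCHED_CALLS}
    return {"keys": keys, "calls": calls,
            "suspicious": any(keys.values()) or any(calls.values())}

# Constructed sample: a harmless script in a compressed stream, with obfuscated keys.
SCRIPT = zlib.compress(b'util.printf("%d pages", 3);')
SAMPLE = b"".join([
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n",
    b"2 0 obj\n<< /S /J#61vaScript /J#53 3 0 R >>\nendobj\n",
    b"3 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % len(SCRIPT),
    SCRIPT, b"\nendstream\nendobj\n%%EOF\n"])

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A hit here means only that the file carries script or an automatic action and deserves deeper inspection or sandboxed opening; it is not a verdict that the file is malicious.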

For more information and to see the full report you can go here.


About the Author: Nettie Hartsock
