Q

PDF malware: How to spot, prevent emerging PDF attacks

Enterprise threats expert Nick Lewis explores emerging techniques being employed in PDF-based malware attacks and tells how to defend against them.

I've read that PDFs are increasingly being used as part of advanced persistent threat attack campaigns. Could you describe some of the latest techniques attackers use in PDF attacks, and can you suggest tools to use for scanning PDFs for malicious inclusions? Or should antimalware/email scans already be picking up on such threats?


Advanced persistent threat (APT) attack campaigns are likely using PDF files because most regular users assume they are safe to open, as PDFs are widely accepted as attachments in both business and everyday email. By using phishing emails masquerading as fax messages, scans from a multi-function printer, delivery notices, etc., the hacker is hoping to entice the user to open the "trusted"-yet-malicious file.

To mitigate the threats posed by PDF malware, it is critical to combine security awareness and technical controls, since neither method will protect against all scenarios on its own.

Simply put, traditional antimalware or email scans will not catch these new PDF malware attacks. However, security tools that open PDFs in a sandbox environment can be used to identify malicious behavior from the PDF.

Additional tools that can be used for scanning potentially malicious PDFs are described by SearchSecurity contributor Lenny Zeltser in his blog post on analyzing malicious documents. These tools can identify potentially infected JavaScript or command strings in the file. Once the malicious content has been extracted, it can be analyzed to determine whether it downloads other malware from any external websites. Therefore, any PDF that contains JavaScript or accesses a system external to your network should be investigated.
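As an added illustration of that triage rule (this is not code from the article or from the tools Zeltser describes), the Python sketch below counts the PDF name keywords that indicate JavaScript or external access, and undoes `#xx` hex escapes that can hide them. The keyword groups, function names and sample bytes are assumptions chosen for this example, and it goes slightly beyond the text by also reporting auto-run keywords as context.

```python
import re

# PDF name keywords grouped by why they matter during triage.
SCRIPT = (b"/JS", b"/JavaScript")                 # embedded JavaScript
EXTERNAL = (b"/URI", b"/SubmitForm", b"/GoToR")   # reaches outside the file
CONTEXT = (b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")  # auto-run, payloads

# A name is "/" followed by regular characters (no whitespace or delimiters).
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes in a PDF name, e.g. /J#61vaScript -> /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def scan_pdf(data: bytes) -> dict:
    """Count keywords of interest in raw PDF bytes and apply the triage rule."""
    counts = dict.fromkeys(SCRIPT + EXTERNAL + CONTEXT, 0)
    obfuscated = 0
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if name != raw:          # keyword was hex-escaped: evasion indicator
                obfuscated += 1
    flagged = any(counts[k] for k in SCRIPT + EXTERNAL)
    return {
        "counts": {k.decode(): v for k, v in counts.items() if v},
        "obfuscated_names": obfuscated,
        "investigate": flagged or obfuscated > 0,
    }

# Constructed samples for this example (not taken from real malware).
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
          b"2 0 obj << /S /J#61vaScript /JS (app.alert\\(1\\);) >> endobj\n"
          b"3 0 obj << /S /URI /URI (http://example.invalid/) >> endobj\n"
          b"%%EOF\n")
BENIGN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("benign", BENIGN)):
        print(label, scan_pdf(blob))
```

A raw byte scan like this cannot see keywords stored inside compressed object streams, so an empty result does not clear a file; it only prioritizes which attachments go to sandbox or manual analysis first.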

This was first published in November 2013
