The Rise of PDF Malware
What can you do to protect yourself?
To avoid being infected, a user can consider the following actions:
support in their PDF reader that effectively prevents a large number of exploits from working.
Keep up-to-date with all software patches for your installed PDF reader software.
Note: There is a lag time between the discovery of a vulnerability and a patch from the vendor being available.
Attackers often take advantage of this gap and try to exploit an unpatched vulnerability. However, keeping
your PDF software patched and updated significantly reduces the risk and exposure.
Keep antivirus and IPS definitions up-to-date.
Always exercise discretion in opening a PDF document from an untrusted source.
Symantec’s naming convention
The number and variety of malicious PDFs in the wild, exploiting different
CVEs, have led to a complex threat naming convention. Symantec currently has
9 specific variants of detections for malicious PDF files. We use the name
Trojan.Pidief to detect specific exploits in malicious PDF files.
At Symantec, we believe a layered approach to security is the best way to keep
oneself protected. After patching and downloading the latest updates and
versions, a good anti-virus product installed on the machine may be able to
catch the remaining threats. We use several detection names for specific
attacks to make it easier to categorize the type of attack.
Due to the sheer number of PDF threats we see, we also use several generic
detection routines named Bloodhound.Exploit and Bloodhound.PDF to detect
general malicious properties and exploit characteristics within PDFs to protect
Regardless of which methods are chosen to stay protected, the threat landscape will continue to grow and
change. PDF attacks are on the rise worldwide and show no indication of slowing down. Modern exploit packs
have made it relatively simple to create an effective PDF attack. The popularity of these exploit packs, along with
the success that attackers have been enjoying using PDFs, has led to an explosion in the use of malicious PDFs
as an attack vector. In addition to Web-based attacks, spam campaigns using malicious PDFs have also proven to be
successful attack vectors for malware authors, leading to a large amount of spam containing malicious PDFs
of all types. The malware authors are working hard to evade detection and are constantly inventing new
obfuscation techniques in an effort to stay undetected.
Due to the fast-changing threat landscape, it is essential to use updated security products and a
multi-layered approach to protection to ensure users stay protected.