Hi malware fighters,
G-Data warns that PDF is an insecure file format...
PDF is a nifty file format, but because of all its security leaks an insecure one, G Data warns. Last year 74 holes were found in Adobe Reader and Acrobat, twice the number of 2008. The benefits of using PDF are clear. Through all sorts of free PDF readers it can be opened on various systems. Then it is hard to change a PDF file, something that prevents unauthorised changes to the file. Also it is a compact format, making it attractive to send as an attachment with emails.
Over the years the PDF file format got more features, adding greatly to the complexity of the software, which makes finding exploits and security holes a lot easier. Through simple toolkits such as Eleanor, Liberty Exploit System or Elfiesta, it is quite easy to produce infested PDF files. Such programs can be run with almost no technological insight on the side of the cyber criminals.
Attack
The majority of exploits use embedded JavaScript that is executed upon opening the file. The malicious JavaScript uses the so-called heap spray method to flood memory with NOP commands (No Operation commands) and with copies of the shellcode loaded over and over again. The JavaScript vulnerability in the PDF file can then be used to run the shellcode. The executed shellcode downloads the malicious payload, for instance botnet components.
Users that want to be protected are advised to use another, leaner PDF reader, but the AV vendor asks users to install an AV scanner and disable JavaScript at the same time, or to use the Windows DEP function (Data Execution Prevention). "Well, it is a pity that a lot of legit software won't run under the mentioned settings."
Also a security warning for PDF documents. Forewarned is forearmed, folks,
polonus
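As an added example (not from the post above or from G Data), a small Python triage script that applies the indicators the post describes, namely JavaScript actions, run-on-open triggers, NOP-sled unescape() strings and string-doubling heap spray loops, to a constructed sample PDF. It also covers two cases that hide those keywords from a naive grep: hex-escaped names (/J#61vaScript) and Flate-compressed stream objects. The function names, the indicator list and the sample documents are my own assumptions.

```python
import re
import zlib

# Constructed sample (not a real exploit): a minimal PDF whose /OpenAction runs an
# embedded JavaScript action that builds a NOP sled the way the post describes.
# The name is written /J#61vaScript to mimic the hex-escape obfuscation seen in the wild.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (var nops = unescape(\"%u9090%u9090\");"
    b" while (nops.length < 0x100000) nops += nops;) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
# Same content, but hidden inside a FlateDecode-compressed stream object (constructed).
FLATE_PDF = (b"%PDF-1.4\n5 0 obj << /Length 0 /Filter /FlateDecode >>\nstream\n"
             + zlib.compress(SAMPLE_PDF) + b"\nendstream\nendobj\n%%EOF\n")
CLEAN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

def normalise_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names so /J#61vaScript reads as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every stream that zlib can decode (even partially)."""
    out = data
    for m in re.finditer(rb"stream\r?\n(.*?)\nendstream", data, re.S):
        try:
            out += b"\n" + zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            pass  # not Flate data: only the raw bytes of this stream get scanned
    return out

INDICATORS = {
    "javascript_action": rb"/(JavaScript|JS)\b",
    "auto_run_on_open": rb"/(OpenAction|AA)\b",
    "nop_sled_unescape": rb"unescape\(\s*[\"']%u(9090|0c0c|0d0d)",
    "string_doubling_loop": rb"while\s*\([^)]*\.length\s*<[^)]*\)\s*\w+\s*\+=\s*\w+",
}

def scan_pdf(data: bytes) -> dict:
    """Count indicator hits; JavaScript plus any second indicator is flagged."""
    text = normalise_names(inflate_streams(data))
    hits = {n: len(re.findall(p, text)) for n, p in INDICATORS.items()}
    hits = {n: c for n, c in hits.items() if c}
    return {"hits": hits, "suspicious": "javascript_action" in hits and len(hits) >= 2}

if __name__ == "__main__":
    for name, pdf in (("sample", SAMPLE_PDF), ("flate", FLATE_PDF), ("clean", CLEAN_PDF)):
        print(name, scan_pdf(pdf))
```

A JavaScript action on its own is not proof of malice (forms use it legitimately), which is why the verdict requires a second indicator; a document that is flagged is a candidate for sandbox detonation, not an automatic block.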