It was shortly after I had finished posting my most recent note, about Adobe’s security-related updates of Acrobat and Reader, that I saw an article in Computer World summarizing some interesting results from the Annual Global Threat Report [PDF, registration required] compiled by security firm ScanSafe (part of Cisco), of London and San Bruno CA. If nothing else, the results indicate that there is a very good reason to stay up-to-date with security fixes for Adobe’s software:
In the first quarter of 2009, malicious PDF files made up 56% of all exploits tracked by ScanSafe. That figure climbed above 60% in the second quarter, over 70% in the third and finished at 80% in the fourth quarter.
The sample of exploits was gathered from compromised or malicious Web sites. The report goes on to say that, although many Web-based attacks are designed to probe for multiple vulnerabilities, malformed PDF files are often tried first. There is a slightly curious statement in the Computer World article:
Exactly why hackers choose Adobe as their prime target is tougher to divine, however.
Perhaps this is an attempt to avoid any appearance of bashing Adobe, but I don’t think that the hackers’ choice is tough to divine. All non-trivial software has bugs, and either Reader or Acrobat is a far from trivial program. Large, complex software packages frequently have security vulnerabilities — ask Microsoft if you don’t believe me.