Analyzing Malicious PDF Files

Using PDF files as an attack vector has become increasingly popular with malware developers in the last few years.  This is a slightly ironic but predictable result of urging users to be very careful of executable (e.g., .EXE) attachments.  PDF files are attractive to the Bad Guys because the vast majority of users have Adobe’s Reader, or some other PDF viewer, installed, and because, unlike overtly executable files, PDF files are not generally blocked by filtering systems.

Didier Stevens, a Belgian security researcher, has published a paper on the analysis of malicious PDF files.  (The downloadable file from the previous link is a zipped copy of the original PDF document.)  Mr. Stevens wrote this as a chapter for a proposed book project, since abandoned by the promoter.  It is a bit dated if you are looking for information on the very latest malware techniques, but it’s full of useful information for anyone who has to deal with PDFs.

