March 08, 2011, 2:55 PM — PDF files are one of the most common, and most trusted document formats out there. However, that trust, combined with the cross-platform use of PDFs makes the Adobe file format one of the most targeted and exploited by malicious attacks as well.
[ See also: Hackers love to exploit PDF bugs, says researcher ]
Symantec's MessageLabs has released the February 2011 Intelligence Report. The report details a variety of threats, including the ZeuS and SpyEye botnets, the rise in spam and phishing attacks, and an increase in malicious websites. But, one of the things that stands out is how PDF files are such a common, and growing target for malicious attacks.
Adobe has become a popular target for malware and malicious exploits. Adobe Reader, Adobe Flash, and other relatively ubiquitous Adobe products represent low-hanging fruit providing malicious developers with vulnerabilities to take advantage of.
In 2010, 65% of targeted attacks used PDF file exploits. The inherent--albeit unfounded--trust that users seem to place in PDF files makes the file format a prime vector for delivering malware and compromising PCs. If the trend continues, PDF-based attacks will account for more than three quarters of targeted attacks by the middle of 2011.
The MessageLabs report explains, "For years, PDFs have been used to stage targeted and now non-targeted attacks, but many people still consider PDFs a relatively trusted file type. In fact, the PDF is one of the most commonly used file formats with which to exchange electronic documents."
The report continues, "However, PDFs are potentially one of the most dangerous file formats available and should be treated with caution, much as EXE files should be. Because it is significantly easier to generate legitimate and concealed malicious content with PDFs, they are much more dangerous than EXEs."