Attackers commonly use malicious PDF files to spread malicious software, often targeting patched and zero-day vulnerabilities in Adobe Reader. A recent report from Symantec on the Rise of PDF Malware, authored by Karthik Selvaraj and Nino Fred Gutierrez, explores these trends from a comprehensive data-driven perspective. The report is filled with technical details and is a must-read for people combating malware threats.
The report describes attack trends across the three common methods for distributing PDF files:
- Mass-mailed PDFs
- PDFs hosted in malicious web pages
- PDFs used in targeted attacks
On a related note, if you want to learn how to analyze malicious PDFs, take a look at my Analyzing Malicious Documents Cheat Sheet. I get into this topic in the reverse-engineering malware course I teach at SANS.