Number of Infected PDF Files on the Rise


.ru was last month's most abused ccTLD for malware hosting

Avira reports that the number of PDF documents rigged with malware rose by 50 percent in May compared with the previous month. Data gathered by the company also reveals that .ru was the preferred country code TLD for hosting malware and that .br had the largest number of phishing websites.

According to the German antivirus vendor, the most abused file extensions were exe, txt, php, jpg, dll, pdf, gif and com, while 31% of all malicious files detected had no extension at all. Even though the infected PDF documents represented only 1.20% of the total number, the increase compared with April was considerable – 52.14%. So were the monthly deviations for cmd (66.67%), ocx (56.25%) or swf (43.30%).

As far as domain TLD abuse goes, .com leads by far in both the phishing and malware hosting categories with 49.9% and 44.53%, respectively, although these numbers actually represent a decrease over the previous month. As expected, .com is followed in the stats by .net and .org, but the most interesting changes were registered for the country code TLDs.

More details - http://news.softpedi...se-144874.shtml


An important factor of note is that PDF infections are usually through the JavaScript back end. The JavaScript back end is, to my knowledge, only supported by the official Acrobat clients, either with full Acrobat, or Adobe Reader.

If you are a home or small office user, disabling JavaScript functionality in your Adobe Acrobat or Reader client will help prevent accidental infection. If you are in an enterprise environment and either do deploy Adobe Reader or are looking to, Adobe provides tools to create Windows MSI installer packages with options preconfigured, including but not limited to disabling JavaScript.

Fortunately, most third-party readers, including the Preview or QuickView readers with Mac OS X and iOS, and Linux PDF viewers on desktop distributions and Android, do not support JavaScript functionality and in turn are not susceptible to these weaknesses. If you do not require all of the major functionality of Adobe Reader, using a third-party PDF viewer is a good step towards keeping a secure system.

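The reply above ties PDF infections to embedded JavaScript. As an added example (not part of the original thread or of any vendor's tooling), the following Python triage script counts the name objects that mark script and automatic-action entries in a PDF so that such files can be set aside for review. The function names, the watched-name list and the two sample byte strings are this example's own; it reads raw bytes only, so names stored inside compressed object streams are not seen.

```python
import re
from collections import Counter

# Name objects that mark script or automatic-action features in a PDF.
WATCHED = {b"/JS", b"/JavaScript", b"/OpenAction", b"/AA", b"/Launch"}

# A PDF name is "/" followed by regular characters (no whitespace or delimiters).
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> bytes:
    """Decode #xx escapes, which the PDF format allows for any character in a name."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf_bytes(data: bytes) -> Counter:
    """Count watched name objects in the raw (uncompressed) bytes of a PDF."""
    hits = Counter()
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in WATCHED:
            hits[name.decode("ascii")] += 1
    return hits


def needs_review(data: bytes) -> bool:
    """Flag files that carry script entries at all; other watched names are context."""
    hits = scan_pdf_bytes(data)
    return hits["/JS"] > 0 or hits["/JavaScript"] > 0


# Constructed sample inputs (not real files): one plain, one with a script action.
PLAIN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SCRIPTED_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (var x = 1;) >>\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_PDF), ("scripted", SCRIPTED_PDF)):
        verdict = "review" if needs_review(sample) else "ok"
        print(label, dict(scan_pdf_bytes(sample)), verdict)
```

A zero count is not proof that a file is script-free, for the compressed-stream reason given above; a non-zero count is a reason to open the file only in a viewer with JavaScript disabled.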
