We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Make "Invisible" Visible: Case Studies in PDF Malware

Formale Metadaten

Titel
Make "Invisible" Visible: Case Studies in PDF Malware
Serientitel
Teil
18
Anzahl der Teile
29
Autor
Lizenz
CC-Namensnennung 3.0 Deutschland:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
Identifikatoren
Herausgeber
Erscheinungsjahr
Sprache

Inhaltliche Metadaten

Fachgebiet
Genre
Abstract
Due to the popularity of the portable document format (PDF), malware writers continue to use it to deliver malware via web downloads, email attachments and other infection vectors in both targeted and non-targeted attacks. It is known that PDF attackers can break detection by using polymorphic techniques to hide malicious code, randomizing JavaScript, obfuscating embedded shellcode or using cascading filters. Malware writers have always tried hard to develop new techniques to bypass detection. Some recent PDF attack campaigns we have seen are typical examples of such new endeavors from malware writers: a) Simple but effective URL aliasing technique to download malware. b) Using PDF to deliver specific topic related text content for search engine poisoning. c) Encapsulating PDF malware inside a PDF file to break detection. In this paper we will investigate the recent PDF malware campaigns using - and often abusing - these new techniques.