
Make "Invisible" Visible: Case Studies in PDF Malware

Formal Metadata

Title
Make "Invisible" Visible: Case Studies in PDF Malware
Part Number
18
Number of Parts
29
License
CC Attribution 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract
Due to the popularity of the Portable Document Format (PDF), malware writers continue to use it to deliver malware via web downloads, email attachments and other infection vectors in both targeted and non-targeted attacks. It is known that PDF attackers can break detection by using polymorphic techniques to hide malicious code, randomizing JavaScript, obfuscating embedded shellcode or using cascading filters. Malware writers have always tried hard to develop new techniques to bypass detection. Some recent PDF attack campaigns we have seen are typical examples of such new endeavors from malware writers: a) a simple but effective URL aliasing technique to download malware; b) using PDF to deliver topic-specific text content for search engine poisoning; c) encapsulating PDF malware inside a PDF file to break detection. In this paper we will investigate the recent PDF malware campaigns using, and often abusing, these new techniques.