Microsoft, Trend Micro Identify Surge in PDF Attacks

Printer-friendly version Email this CRN article

Microsoft and Trend Micro have identified a sudden surge in document attacks that appear to be stemming from both automated attack toolkits and targeted attacks that exploit older vulnerabilities in Adobe Reader and Acrobat software.

Microsoft said exploits that target vulnerabilities in document readers and editors rose sharply in the fourth quarter of 2012 and there's evidence of the trend continuing in 2013. Nearly 3 million computers detected a document attack in the fourth quarter of 2012, doubling the detection rate in the previous quarter.

Victims of the attacks are being compromised by visiting a malicious webpage or opening a PDF in an email attachment, said Tanmay Ganacharya, lead security researcher at Microsoft's Malware Protection Center.


[Related: Verizon Analysis: Top 10 Causes Behind Data Breaches]

"These files contain a JavaScript that executes when the file is opened," Ganacharya wrote in an analysis of the attacks this week. "The embedded JavaScript may contain malicious instructions, such as commands to download and install other malware."

The cybercriminals are exploiting vulnerabilities in Reader and Acrobat that were patched by Adobe as far back as 2008. The critical flaws are a variety of memory corruption errors, easily exploitable on victims' computers that have failed to keep the software updated.

The most commonly targeted error, a flaw that was repaired in 2010, can cause the application to crash, enabling malicious code to execute and ultimately an attacker to take control of the affected system. An exploit targeting the flaw is available in Black Hole and a number of other exploit toolkits, Ganacharya said. Microsoft has identified five malware variants targeting the coding error.

"This vulnerability is still being exploited widely even though a fix has been available for over 2 years," Ganacharya wrote.

NEXT: Targeted Attack Campaigns

Printer-friendly version Email this CRN article