FINDING RULES FOR HEURISTIC DETECTION OF MALICIOUS PDFS
FINDING RULES FOR HEURISTIC DETECTION OF MALICIOUS PDFS: WITH ANALYSIS OF EMBEDDED EXPLOIT CODE
ABSTRACT
The use of PDFs as a vector for the installation of malicious content has been on the rise over the last few years. This has been for numerous reasons, some of which are the ubiquity of the file format (not browser or platform dependent), the update mechanisms for Adobe, and also the many and various exploit kits. Methods for detection and classification of malware have been focused on EXE, MS Office and HTML analysis and the lack of research in PDF is telling. In this paper we show some tips and tricks to help with classification and detection of malicious PDFs. This will be achieved by both static and dynamic analysis of malicious files and Internet-derived corpuses of potentially clean files. As well as communicating these results, the presentation will augment them with analysis of current threats and case studies of whole attacks.
andry- Moderator
- Posts : 467
Join date : 2010-05-07