Home
Latest images
Search
Register
Log inMalicious PDF Analysis E-book
Page 1 of 1
Malicious PDF Analysis E-book
andry Wed Jan 05, 2011 4:19 am
Since a couple of years,malware authors have turned to PDF documents to deliver malware to Windows machines they desire to infect.Because common executables(EXE files)are often blocked by many email servers and clients,they had to look for alternatives and PDF files turned out to be a viable solution.
But why is a PDF file a good alternative to an executable?The Portable Document Format is not a programming language,its a page description language,specifying how to render the content of a page,like the pages you find in this book.So how can this be used to deliver a malicious payload?The answer lies in programming errors made in the applications that process PDF files,like PDF rendering software,of which Adobe Reader is by far the most popular. What malware authors do is exploit vulnerabilities(programming errors)in Adobe Reader in such a way that they can execute arbitrary code on a Windows machine with a vulnerable installation of Adobe Reader.
The PDF language is based on the PostScript language which is a programming language,but PDF is a subset of PostScript,without the features that make it a programming language
Download PDF
But why is a PDF file a good alternative to an executable?The Portable Document Format is not a programming language,its a page description language,specifying how to render the content of a page,like the pages you find in this book.So how can this be used to deliver a malicious payload?The answer lies in programming errors made in the applications that process PDF files,like PDF rendering software,of which Adobe Reader is by far the most popular. What malware authors do is exploit vulnerabilities(programming errors)in Adobe Reader in such a way that they can execute arbitrary code on a Windows machine with a vulnerable installation of Adobe Reader.
The PDF language is based on the PostScript language which is a programming language,but PDF is a subset of PostScript,without the features that make it a programming language
Download PDF
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics» protect yourself from malicious hackers
» Hijacking Opera's Native Page using malicious RSS payloads
» FINDING RULES FOR HEURISTIC DETECTION OF MALICIOUS PDFS
» Detecting Obfuscated Malicious JavaScript with Snort and Razorback
» effcts of face book on SEO
» Hijacking Opera's Native Page using malicious RSS payloads
» FINDING RULES FOR HEURISTIC DETECTION OF MALICIOUS PDFS
» Detecting Obfuscated Malicious JavaScript with Snort and Razorback
» effcts of face book on SEO
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum