Number of Malicious PDFs on the Rise

Security vendor GFI Software warns that the number of malicious PDF files detected in the wild has significantly increased last month with two detections making it into the top ten.

According to data gathered by the company's ThreatNet system, two PDF exploits detected as Exploit.AbobeReader.Gen and Exploit.PDF-JS.Gen, finished the month on the eight and ninth places as far as malware detections go.

This is even more interesting, as no Java exploit made its presence felt in the GFI's top.

Starting with mid-2010, the number of Java exploits exploded and they are still the primary components of drive-by download kits.

In addition, the number of malicious PDF files was expected to decline even further as users started to adopt the new Adobe Reader and Acrobat X (10.0).

That's because Adobe Reader and Acrobat X feature sandboxing technology that makes arbitrary code execution very hard to achieve by exploiting PDF vulnerabilities.

In practical terms, the resources, knowledge and time required to create a successful remote code execution exploit for Adobe Reader X doesn't justify the return on investment.

Users are therefore advised to migrate to the new 10.0 branch in order to be more secure and, at the same time, discourage attackers from targeting Adobe Reader users.

Seven of the top ten threats detected by GFI Software last month were trojans, including all malware that finished in the first five positions. These seven threats accounted for 4 of all detection registered by the security company's products.

The other threat in the top ten is a variant of the Conficker worm, which still remains strong even if abandoned by its creators a year ago. GFI Software researchers are also concerned about a spike in the number of scareware applications detected last month.

"Another indicator of increased rogue activity is the fact that we discovered, and blogged about, 22 new rogues on the GFI Rogue Blog in January. That’s a lot for one month, considering we’ve seen an average of between 13 and 14 new iterations per month for the last three years," said Tom Kelchner, communications and research analyst at GFI Software.