No doubt that exploit PDF vector still a threat that get attentioned from few security vendors attentions. PDF exploit exist since 2007 in wild and the amount of PDF exploits increased from time to time. According to
Symantec Global Internet Security Threat Report 2008 recently, web-based attack related to PDF exploit sit rank 2nd or 11 percent from Top Web-Based Attack. Other than that, web browser plug-in vulnerability also contribute numbers of web-based PDF exploit increased. F-Secure also proved that PDF exploit attack also increased from 28.61% 2008 compare to 48.87% 2009. The numbers for PDF exploit seems will be continue increased for this year since few PDF generator tool available and ready to use such as Metasploits and etc.
PDF malware generator will produce more complex obfuscate code for coming days and it will challenging vendors security analysis skills and times.
Below are the few graphs related to Adobe Reader 7, 8 and 9 impact from year 2003 to 2009. This information obtained from Secunia. Thanks Secunia !
Another good website related to PDF Exploits:
1.
http://www.sophos.com/blogs/sophoslabs//?p=46002.
http://securitylabs.websense.com/content/Blogs/3411.aspx3.
http://www.sophos.com/blogs/sophoslabs/v/post/12214.
http://www.web2secure.com/2009/05/analysis-exploit-adobe-pdf-utilprintf.html5.
http://www.f-secure.com/weblog/archives/00001687.html6.
http://www.f-secure.com/weblog/archives/00001676.html
0 comments:
Post a Comment