Exploits utilizing the ubiquitous PDF document now account for as much as 36% of malicious code distribution, and PDFs are the leading source for web-based attacks according to Symantec's Quarterly Global Threat Report.
An article on MSNBC quotes security researcher Anup Ghosh of Invincea as saying, "the way the attacks work is, when you load a PDF document, it starts running Java code, exploiting the vulnerability in Adobe Reader. Once the vulnerability is exploited, a Trojan horse or other malicious executable is delivered to the computer."
One such piece of malware is the infamous Zeus Trojan, which can lie dormant until the users of the infected machine access banking accounts. Zeus then harvests passwords and authentication codes.
Malware producers find success in numbers, and an estimated 99% of all PCs use Adobe Reader, making the PDF a lucrative vehicle for exploits.
Julia Wolf, a researcher with the company FireEye, identified several flaws in the portable document file standard that produce some serious vulnerabilities and presented them at the 27th Chaos Communication Congress in Berlin, Germany.
One finding shows that a PDF can contain code for a database scanner that activates when the document is sent to a hub printer and can scan the entire network. Another of Wolf's findings shows how the same PDF document can display different text when viewed with various browsers, readers and operating systems.
Wolf also highlighted other vulnerabilities in the ubiquitous document format that can be exploited to carry out attacks, both by activating malicious programs in Acrobat Reader and through the format's support for features with flawed code, such as JavaScript, Flash files, digital rights management options and XML.
The problems are compounded by the fact that most antivirus software does not detect malicious code in PDF documents; 40 AVs tested did not pick up the threats even when the malware advisories were several months old.
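As an added example (not from the article or from Wolf's talk), a defender can triage a PDF for the features named above before it reaches a reader, independent of antivirus signatures. The mapping from features to PDF name tokens, the function names and the sample bytes are assumptions of this example; it also decodes the `#xx` escapes the PDF name syntax permits, so an escaped spelling is still counted.

```python
import re

# Assumed mapping from the features the article names to PDF name tokens.
FEATURE_NAMES = {
    "javascript": (b"/JS", b"/JavaScript"),
    "flash": (b"/RichMedia",),
    "xml_forms": (b"/XFA",),
    "drm_encryption": (b"/Encrypt",),
    "auto_action": (b"/OpenAction", b"/AA", b"/Launch"),
}

# A PDF name is "/" followed by regular characters (no whitespace or delimiters).
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage(data: bytes) -> dict:
    """Count decoded name tokens per feature in raw PDF bytes."""
    counts = {feature: 0 for feature in FEATURE_NAMES}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        for feature, names in FEATURE_NAMES.items():
            if name in names:
                counts[feature] += 1
    return counts


def flagged(data: bytes) -> list:
    """Features present at least once, sorted for stable output."""
    return sorted(f for f, n in triage(data).items() if n)


# Constructed sample, not a real document: an auto-run action pointing at script.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS 3 0 R >> endobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(flagged(SAMPLE))
```

The scan only sees names in the uncompressed parts of the file, so a hit is a reason to route the document for closer inspection and an empty result is not a clean verdict.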




