Sunday, September 26, 2010

Malicious PDF Analysis E-book

For a couple of years now, malware authors have turned to PDF documents to deliver malware to the Windows machines they want to infect. Because plain executables (EXE files) are blocked by many email servers and clients, they had to look for an alternative, and PDF files turned out to be a viable one.

But why is a PDF file a good alternative to an executable? The Portable Document Format is not a programming language; it is a page description language, specifying how to render the content of a page, like the pages you find in this book. PDF borrows its imaging model from PostScript, which is a programming language, but it leaves out the control-flow features that make PostScript programmable. So how can such a format deliver a malicious payload? The answer lies in programming errors in the applications that process PDF files, such as PDF rendering software, of which Adobe Reader is by far the most popular. Malware authors exploit vulnerabilities (programming errors) in Adobe Reader in such a way that they can execute arbitrary code on a Windows machine that has a vulnerable version of Adobe Reader installed.
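A practical consequence of the above is that a malicious PDF usually carries something a page-description document never needs: an action that fires when the file is opened, and a script or program for that action to run. The triage scanner below is an added example written for this post, not code from the e-book or from the blog. It counts those keywords the way a first-pass analysis would, resolving the #xx name escapes the PDF syntax permits and inflating FlateDecode streams, since both are used to hide keywords from a plain grep. The two PDF documents it builds are constructed inside the code and are not real samples; the keyword list and the "suspicious" verdict rule are this example's own choices, not a rule from the book.

```python
import re
import zlib

# Keywords that give a PDF file behaviour it does not need for mere page rendering.
# /OpenAction and /AA trigger an action automatically, /JavaScript and /JS carry
# script, /Launch runs an external program, /EmbeddedFile and /ObjStm are common
# hiding places. This list is the example's own choice, not an exhaustive one.
SUSPICIOUS_KEYWORDS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
                       b"/EmbeddedFile", b"/ObjStm"]
AUTO_EXEC_KEYWORDS = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch")

# A stream body sits between the 'stream' and 'endstream' keywords.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Undo PDF name hex escapes, e.g. /J#61vaScript -> /JavaScript.
    The PDF syntax allows #xx inside a name; malware uses it to dodge naive greps."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> list:
    """Return the content of every stream, decompressing FlateDecode (zlib) ones.
    decompressobj() returns what it can from truncated data, which malicious
    files often carry; non-zlib streams are returned as-is."""
    out = []
    for m in STREAM_RE.finditer(data):
        raw = m.group(1)
        try:
            out.append(zlib.decompressobj().decompress(raw))
        except zlib.error:
            out.append(raw)
    return out


def scan_pdf(data: bytes) -> dict:
    """Count suspicious keywords in the object dictionaries and in inflated streams."""
    container = STREAM_RE.sub(b"", data)  # dictionaries only; compressed bytes excluded
    parts = [normalize_names(container)] + [normalize_names(s) for s in inflate_streams(data)]
    body = b"\n".join(parts)
    counts = {}
    for kw in SUSPICIOUS_KEYWORDS:
        # A name token ends at whitespace or a delimiter, so /JS must not match /JSx.
        pattern = re.escape(kw) + rb"(?![A-Za-z0-9])"
        counts[kw.decode()] = len(re.findall(pattern, body))
    return counts


def is_suspicious(counts: dict) -> bool:
    """Verdict rule of this example: a document that only renders pages needs none of these."""
    return any(counts[k] for k in AUTO_EXEC_KEYWORDS)


def assemble(objs: list) -> bytes:
    """Wrap object bodies in a minimal PDF skeleton (no xref table; readers rebuild it)."""
    pdf = b"%PDF-1.4\n"
    for i, body in enumerate(objs, 1):
        pdf += b"%d 0 obj\n" % i + body + b"\nendobj\n"
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def build_benign() -> bytes:
    """Constructed one-page document with nothing but page structure."""
    return assemble([
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R >>",
    ])


def build_sample() -> bytes:
    """Constructed sample, not a real-world file: /OpenAction is written with a hex
    escape and the script sits inside a FlateDecode stream, two tricks that defeat
    a plain grep for /OpenAction or for the script text."""
    js = b"app.alert('constructed sample payload');"
    packed = zlib.compress(js)
    return assemble([
        b"<< /Type /Catalog /Pages 2 0 R /Open#41ction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R >>",
        b"<< /Type /Action /S /JavaScript /JS 5 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed)
        + packed + b"\nendstream",
    ])


if __name__ == "__main__":
    for name, doc in (("benign", build_benign()), ("sample", build_sample())):
        counts = scan_pdf(doc)
        print(name, "suspicious" if is_suspicious(counts) else "clean", counts)
```

Run it on a real file with `scan_pdf(open(path, "rb").read())`. The scanner deliberately ignores object streams (/ObjStm), other filters such as ASCIIHexDecode, and encrypted documents, which is why /ObjStm is counted: a high count there with nothing else visible means the interesting dictionaries are still packed away and the file deserves a closer look with a proper parser.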

Download PDF

