We have seen an ever increasing use of PDFs for malicious purposes over the past two years. During this time, we have tracked the growth and usage and have been constantly improving our detections to handle the different evolutions of these threats. We see new vulnerabilities related to PDF readers discovered on a regular basis, often being exploited in-the-wild before a patch is available. We have created the following report which highlights some of the interesting changes we analyzed. The report can be downloaded here.
In this whitepaper, we discuss the current PDF threat landscape, some current vulnerabilities being exploited in PDF documents, and various methods used by the malware authors. We also discuss various actions malware authors take to avoid detection, as well as offer some preventative measures users can take to protect themselves.