Cybercriminals use PDFs to slip Trojans past e-mail filters

Common business document files could be hiding malware capable of bypassing standard security systems and stealing confidential information.


Cybercriminals are increasingly exploiting vulnerabilities in trusted file formats to slip through web and e-mail filtering systems, warn year-end cyber threat reports.

The use of this method of attack is expected to grow in the coming year as it enables cybercriminals to defeat traditional defences and sneak data harvesting Trojans through corporate firewalls.

Adobe's Portable Document Format (PDF), which was created for sharing documents between users with different operating systems, has been a prime initial target.

Many businesses rely on PDF documents to exchange information and consider them to be safe, with most e-mail and web filtering systems allowing them through by default.

With millions of unpatched PDF readers on business machines, criminals are able to exploit the scripting vulnerability within the document format to smuggle in malware.

Recipients are likely to open the documents because they are often crafted to appear legitimate, using information criminals have collected about the target organisation.

This type of attack is a growing threat that security professionals in large organisations throughout Europe have identified, says Alessandro Moretti, (ISC)2 European advisory board member.

Moretti, who is also a UBS investment bank executive director for IT security risk management, says he is seeing increasing creativity in the way organised criminal gangs manipulate e-mail attachments in PDF and other common document formats.

"A lot of the larger organisations have seen this threat and are working with professional security firms that provide security services to deal with this type of threat," he says.

Organisations that want to protect their customers and users will have to consider investing in specialised services which have access to leading-edge technologies to mitigate this threat, says Moretti.

As a first step, security suppliers say organisations should ensure that security patches for all applications are up to date, particularly PDF readers.

Web and e-mail filtering system settings should also be checked to ensure that PDF files are not trusted by default.

The optimal way to prevent this type of attack is to use active real-time content inspection technologies that can detect malicious code without signatures.
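As an illustration of not trusting PDFs by default, the following added example (not from the article or any supplier it mentions) shows a minimal structural check a mail filter could apply: it flags PDFs that declare scripting or auto-run actions, without relying on malware signatures. The list of flagged names, the function names and the sample documents are assumptions constructed for this example.

```python
import re

# Name tokens that mark active content in a PDF (scripting, auto-run actions,
# program launch, embedded files). The list is an assumption of this example.
ACTIVE_NAMES = {"JavaScript", "JS", "OpenAction", "AA", "Launch", "EmbeddedFile"}

# A PDF name is "/" followed by regular characters (no whitespace or delimiters).
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample inputs, not taken from any real message.
SAMPLE_BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SAMPLE_ACTIVE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
                 b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n%%EOF\n")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is read as /JavaScript."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def active_content(data: bytes) -> dict:
    """Count active-content names found in the raw bytes of a PDF."""
    hits = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            hits[name] = hits.get(name, 0) + 1
    return hits


def verdict(data: bytes) -> str:
    """Filter decision for one attachment: nothing is trusted by default."""
    if b"%PDF-" not in data[:1024]:
        return "reject: not a PDF"
    hits = active_content(data)
    if hits:
        return "quarantine: " + ", ".join(sorted(hits))
    return "deliver"


if __name__ == "__main__":
    for label, sample in (("benign", SAMPLE_BENIGN), ("active", SAMPLE_ACTIVE)):
        print(label, "->", verdict(sample))
```

Names stored inside compressed object streams are not visible to this byte-level scan, so a production filter would decompress streams before applying the same check.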
