Malicious PDF Files Download has become the No. 1 Online Threat in 2009, reports a Symantec study. This accounted for almost 49% of all web-based attacks, sharply up from a figure of 11% in 2008.
This attack consists of attempts by attackers to distribute malicious PDF content to victims through the Web. The attack is not directly related to any specific vulnerability, although the contents of the malicious PDF file would be designed to exploit arbitrary vulnerabilities in applications that are able to process PDFs. Successful attacks could ultimately result in the compromise of the integrity and security of the affected computers.
The second place is occupied by the IE xpoit, which has been termed as “Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness”. This accounted for almost 30% of the attacks in 2008, but has reduced its presence to about 18% of the attacks in 2009. A significant drop.
The other exploits in the order of their appearance are as given below.
- Microsoft Internet Explorer 7 Uninitialized Memory Code Execution
- Microsoft Internet Explorer MS Snapshot ActiveX File Download
- Adobe SWF Remote Code Executable
- Microsoft Internet Explorer Malformed XML Buffer Overflow
- Microsoft Internet Explorer DHTML CreateControlRange Code Executable
- Microsoft Internet Explorer WPAD Spoofing
- Microsoft MPEG2TuneRequestControl ActiveX Buffer Overflow
- Microsoft MPEG2TuneRequestControl ActiveX Instantiation
[Complete Report - pdf, 4MB]
You can follow us on Google+.