Cyber-criminals launch PDF malware offensive

By

PDF malware "smashed" into October's virus charts, a security firm reported today.

Cyber-criminals launch PDF malware offensive
Sophos said that the new PDFex Trojan has been widely spammed out in emails with an infected Adobe Acrobat PDF attachment, and has reached third position in the malware chart.

The Trojan was launched during the last few days of October, taking advantage of an unpatched Windows vulnerability to infect PCs.

"PDFex only started to circulate at the very end of the month, but still managed to account for over 13 per cent of all emailed malware during October," said Carole Theriault, senior security consultant at Sophos.

"It was heavily spammed out between 26 and 28 October, and accounted for a staggering two thirds of all malware spread via email."

PDFs have long been used in business as a means of sharing information, so the social engineering trick of using a PDF puts insufficiently protected businesses at risk, according to Sophos.

"Adobe has issued an update to its Acrobat software that fixes the problem, and eyes are now turned to Microsoft to patch the underlying flaw in Windows which could affect other vulnerable applications such as Skype and Firefox," warned Theriault.

She added that, although criminals are currently using PDF files to try and infect innocent PCs with malware, there is little evidence of spammers continuing to use PDF files.

The research also indicates a slight decrease in the percentage of infected email. Overall in October, one in every 1,000 emails carried malicious email attachments, compared to one in every 833 during September.

However, web attacks continue to pose a "significant threat", Sophos warned. Mal/Iframe was responsible for almost seven out of every 10 infections found on the web by the security firm.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Melbourne dev finds gift card PINs can be brute-forced

Melbourne dev finds gift card PINs can be brute-forced

"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Western Sydney University targets file-sharing sites hosting stolen data

Western Sydney University targets file-sharing sites hosting stolen data

Log In

  |  Forgot your password?