Kaspersky uses cloud intelligence for automated PDF threat analysis

The feature, which is seen in Kaspersky Internet Security 2012, comes against the backdrop of a growing problem with Adobe PDF files being used as carriers for infections.

According to the Russian IT security vendor, file-based infections and threats are growing in volume. Citing Qualys' top ten security threats, the firm says that the top internet threats are loopholes in WordPad, Word, PowerPoint, Adobe Flash and Adobe Reader.

The classic way to exploit these loopholes, says Kaspersky, is through manipulated files. These files enter companies in a variety of ways: via email, FTP, flash drives or cloud services like Dropbox, for example.

They are dangerous, adds the ITsec vendor, because they are so similar to the files every computer deals with as a matter of course. As a result, it is no wonder that people often double-click PDF files without a second thought.

Attackers, Kaspersky says, use this method to exploit gaps in popular programs and gain additional rights to users' computers.

To counter these issues, Kaspersky Anti-Virus 2012 and Internet Security 2012 include two advanced recognition techniques which prevent these nasty tricks.

Firstly, says the vendor, the antivirus engine monitors the behaviour of the programs on the system. If a program behaves in a suspicious manner- such as, for example, trying to uncover passwords, send data or access protected drive sections - the virus protection functions prevent it from doing so.

The second technique is known as `reputation protection', which verifies a file's trustworthiness by transmitting a checksum on the file's size and signature to Kaspersky's servers.

According to the IT security vendor, if the file is already flagged as `bad' in the malware database, this fact is signalled back to the software and the file download is blocked.

What’s Hot on Infosecurity Magazine?