PDF attacks skyrocket, says Symantec

"Specifically, this attack consists of attempts by attackers to distribute malicious PDF content to victims through the web," the report from Symantec said. "The attack is not directly related to any specific vulnerability, although the contents of the malicious PDF file would be designed to exploit arbitrary vulnerabilities in applications that are able to process PDFs."

Mark Fossi, executive editor for the Internet Security Threat Report and manager of security response at Symantec, said that the popularity of PDFs as an attack vector stems from the fact that PDF is an open file format, making it easier to attack multiple software plug-ins and readers. "There are more applications out there that are capable of rendering PDFs, whereas it used to be just an Adobe product." Just this month, Foxit Software had to patch its own PDF reader software in an attempt to make it easier to spot an as-yet unsolved exploit targeting the underlying design of the portable document format.

Brazil has become an increasingly pervasive source of online threats, thanks to increasing broadband penetration in the region, according to the report, which saw Brazil topple Germany from its long-held third place for overall malicious activity by country. Germany is now in fourth place, with 5% of malicious activity, compared to Brazil, with 6%. The US and China still top the charts, however, with 19% and 8%, respectively.

"Germany didn't move to fourth place because of declining activity in that country," pointed out Fossi. "Activity is rising in general."

Brazil ranked first, as it did last year, when it came to spam zombies, indicating that it is mainly consumer machines that are being compromised and then used as conduits for malicious activity by online criminals. It also ranks third in terms of bots (which are closely linked to spam zombies), but came a poor 12th in terms of phishing hosts, further supporting the view that increased broadband penetration of the consumer market is a major cause for the rise in Brazil's malicious profile.

However, this is not the only major cause, according to the report. "Brazil's rise as a source of malicious activity to third place in 2009 was mainly due to a significant increase in its ranking for malicious code, for which it rose up to fifth in 2009 from 16th in 2008," said the document, suggesting that the Downadup worm, also known as Conficker, had been particularly successful in Brazil, ranking fourth in terms of infected countries.

"One explanation for the success of Downadup in Brazil is that it is able to specifically target certain regions based on the identification of the language setting of the computer, one of which was 'Portuguese (Brazilian)'," it said.

Conficker is also a cause for concern. Although press coverage of the worm has died down, there are still around 6.5 million infected machines globally, according to the report. Although they have not yet been used for any significant criminal activity, the threat remains a viable one.

Symantec identified twice as many distinct new malicious programs as it had done in 2008, the report noted, adding that web-based attacks continue to grow. Compromised identity information continues to increase, with 60% of all data breaches that exposed identities happening as a result of hacking. Spam made up 88% of all email observed by Symantec.
