We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Cybercriminals Exploit PDF Filter to Embed Malware

Security software company Avast! catches cybercriminals using Adobe's own specifications to slip past antivirus scanners.

Avast! Virus Lab has discovered a dirty trick that cybercriminals are using to encode malware exploits and payloads into PDF files. Adobe says that the this trick has been used in a relatively small number of attacks, as well as one targeted attack.

The vulnerability was found in the JBIGeDecode filter, a feature specifically intended for compressing monochrome images, and allowed attackers to use the JBIG2Decode specifications hide their encoded malicious payload in order to get past antivirus scanners without being detected. The dangerous encoded content is targets a flaw identified as CVE-2010-0188, which allowed attackers to cause Adobe Reader and Acrobat to crash--and possibly gain complete control of your system.

According to Jiri Sejtko, Avast's senior virus analyst, "the JBIG2 algorithm works here because any data--text or binary--can be declared as a monochrome two-dimensional image." Sejtko also says that they hadn't expected anyone would use a pure image algorithm for something that's not an image.

Avast patched the vulnerability in current versions of Adobe Reader, however, older versions of the program are still affected. As always, you should keep Adobe up to date and on automatic update if possible. For more information on this vulnerability visit the Avast! Blog.

[Avast]

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model