
Understanding the Role of Malicious PDFs in the Malware Ecosystem.


Abstract

The Portable Document Format (PDF) is a widely used, cross-platform file format for document exchange. Several applications exist for parsing and rendering PDF documents, with Adobe's Acrobat Reader being the most widely used PDF reader. Starting in 2007, several vulnerabilities in Adobe Reader were discovered being exploited in the wild. PDF-based exploits continued to proliferate during 2008 and 2009, and, although recent security reports have noted a decline in the numbers of PDF-based malware in 2011, malicious PDFs are likely to continue to be a significant threat for the next few years, given the ubiquity of the PDF format and the existence of a large base of unpatched Adobe Reader installations.

In this work, we try to understand the role played by malicious PDFs in the malware and spam ecosystems. We collect data from the execution of a set of about 11,000 malicious PDFs obtained from various sources. We find a correlation between the age of a vulnerability and the number of PDFs exploiting that vulnerability. We also find differences in behavior depending on the distribution vector used. Looking at the final payload of the malicious PDFs, we find that some known pay-per-install services seem to use malicious PDFs as an infection vector. Finally, we see a considerable overlap in malware-hosting domains contacted by malicious PDFs and spam-advertised domains seen in emails collected by various spam feeds, pointing to the use of both vectors for malware distribution.

Bibliographic record

  • Author

    Gupta, Moitrayee

  • Author affiliation

    University of California, San Diego

  • Degree-granting institution: University of California, San Diego
  • Subject: Computer science; Information technology
  • Degree: M.S.
  • Year: 2011
  • Pages: 49 p.
  • Total pages: 49
  • Original format: PDF
  • Language of text: eng