Adobe Reader at the Forefront of Malware Delivery
Posted by: Arian Eigen Heald
Statistics from a new study by F-Secure indicate that Adobe Reader surpassed Microsoft Office products as a vector for malware delivery in 2009.
F-Secure has also pointed out that PDFs can embed movies and songs, JavaScript, and forms that upload user-entered data to a web server. And let’s not forget that a PDF also has functions to launch executables and/or connect to a website.
Another researcher, Didier Stevens, has determined how to launch from a PDF, and demonstrated it with videos of the process, found here.
Adobe has been getting a lot of heat from the malware research community about their lagging efforts to patch the Reader and other Adobe products, such as Flash. They are being compared to where Microsoft was eight years ago, when their security responses and their understanding of secure code development were hopelessly inadequate.
Microsoft has turned it around (mostly), and Adobe could benefit by following their example. There is a growing number of recommendations to eliminate Adobe's product as a PDF reader. Given that 48% of malware attacks came attached to PDFs, they could see their customer base shrink drastically.
At this rate of risk, halting incoming PDFs at the email server may be a prudent action. I’d do it.
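A less drastic gateway policy than blocking every PDF is to quarantine only those that use the active features listed above. The sketch below is an added example, not code from this post, F-Secure, or Didier Stevens; the function names, verdict strings, and sample documents are assumptions constructed for illustration.

```python
import re

# Standard PDF name tokens for the active features the post lists.
RISKY_NAMES = {
    "/JavaScript": "embedded JavaScript",
    "/JS": "embedded JavaScript",
    "/Launch": "launches an external program",
    "/URI": "connects to a web address",
    "/SubmitForm": "uploads form data to a server",
    "/RichMedia": "embedded movie or sound",
    "/EmbeddedFile": "embedded file attachment",
    "/OpenAction": "action that runs when the document opens",
    "/AA": "additional automatic actions",
}

# A PDF name is "/" followed by any bytes except whitespace and delimiters.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r \[\]()<>{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize(name: bytes) -> str:
    """Decode #xx escapes so /J#61vaScript is read as /JavaScript."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), name)
    return decoded.decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Count risky name tokens in raw PDF bytes.

    Heuristic triage only: compressed object streams are not inflated,
    and a token inside ordinary text can cause a false positive.
    """
    hits = {}
    for match in NAME_RE.finditer(data):
        name = normalize(match.group(0))
        if name in RISKY_NAMES:
            hits[name] = hits.get(name, 0) + 1
    return hits

def gateway_verdict(data: bytes) -> str:
    """Return 'not-pdf', 'quarantine' or 'deliver' (hypothetical policy labels)."""
    if b"%PDF-" not in data[:1024]:
        return "not-pdf"
    return "quarantine" if scan_pdf(data) else "deliver"

# Constructed sample attachments, not real-world files.
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SAMPLE_ACTIVE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
                 b"3 0 obj\n<< /S /J#61vaScript /JS (constructed) >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, doc in (("plain", SAMPLE_PLAIN), ("active", SAMPLE_ACTIVE)):
        print(label, gateway_verdict(doc), scan_pdf(doc))
```

A clean result here means only that no risky name appeared in the uncompressed bytes, so it complements patching and attachment filtering rather than replacing them.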




