Malware creeping into portable documents

WASHINGTON, Dec. 13 (UPI) -- Malware designed to damage computer systems is being secreted into portable documents, commonly known as PDF, by cybercriminals whose efforts usually are thwarted by antivirus software.

Defense analysts cited in online commentaries said the PDF attacks were aimed at corporate and government institutions and were part of sophisticated schemes aimed at extracting information from systems otherwise thought to be firewalled and secure.


Several corporate sources confirmed defense organizations were targeted in the attacks which appeared to be well-funded and could come from an unknown country or corporate entity.

News of the latest cyberthreat coming through PDF files followed warnings from computer software company Symantec, comments from defense manufacturer Lockheed Martin and software provider Adobe that acknowledged the risk.

Cyber-criminals trying to take advantage of the alleged weakness in Adobe's PDF reading and editing software use a well-known family of malware called Sykipot, Symantec said.


The attackers aim the malicious code at so called zero-day vulnerabilities that as yet haven't been reported by security experts or software makers, CRN said on its Web site. The attackers also hit PDF as a common business application hoping that many users wouldn't have kept up with the latest security patches.

Before the risks to PDF files came to light, computer users worldwide were made aware of risks in opening attachments of texts or graphics written in Microsoft Word, Excel and other word and image applications.

On Dec. 1, Symantec reported a high volume of e-mail carrying Sykipot malware aimed at Acrobat Reader and Acrobat editing software. The attackers sent the messages mostly to high-ranking executives who could have sensitive or strategic information on their computer networks.

The attacks were able initially to send commands to targeted computers to gather system and network information and determine whether a computer system was worth hacking into. The attackers were also able to customize commands to exfiltrate the information.

Symantec said cyberattackers were behind a March 2010 attack on a zero-day vulnerability in Microsoft Internet Explorer. Persistence of the attacks indicated that the cybercriminals may be scoring successes along the way, the company said.


Adobe was apparently alerted to the risk by Lockheed Martin and the Defense Security Information Exchange, a group of major defense contractors that share information about computer attacks.

DSIE includes companies that are part of the so-called the "Defense Industrial Base," some of the largest U.S. defense contractors, including Boeing, General Dynamics, Lockheed Martin, Northrop Grumman, Pratt and Whitney and Raytheon, Computerworld said.

Symantec published an image of a redacted email of the attack's bait -- the promise of a 2012 guide to policies on new contract awards -- that it said was a sample of the pitches that tried to dupe recipients into opening the attached PDF document.

The Sykipot malware encrypts the pilfered data after it has been retrieved from the victimized firm but while it is still stored on the company's network, as well as when it's transmitted to a hacker-controlled server.

Symantec said the same group of hackers who launched the attacks against IE6 and IE7 in 2010 were also responsible for Reader-based attacks since November.

Latest Headlines