DocumentCode :
3024022
Title :
Techniques for Analysing PDF Malware
Author :
Ulucenk, Caglar ; Varadharajan, Vijay ; Balakrishnan, Venkat ; Tupakula, Udaya
Author_Institution :
Inf. & Networked Syst. Security Res., Macquarie Univ., Sydney, NSW, Australia
fYear :
2011
fDate :
5-8 Dec. 2011
Firstpage :
41
Lastpage :
48
Abstract :
Today, PDF is one of the widely used applications for sharing documents. Some of the important factors in the popularity of the PDF application are its platform independence and rich digital offerings, such as the ability to include multimedia files, direct URL access and HTTP communication. However, its wider acceptance among the user community has also attracted attackers to develop and spread malware using PDF files. Most of the existing security tools are not equipped to deal with the attacks related to PDF. In this paper we present different techniques that can be used by an attacker to generate PDF attacks. Then we propose a portable document scanner (PDSCAN), which can detect the attacks by analyzing the suspicious objects and the scripts that are embedded in the documents. PDSCAN makes use of dynamic and static analysis techniques to deal with the malware. Finally, we present a detailed analysis of a malicious PDF file in a VirtualBox environment.
Keywords :
document handling; hypermedia; invasive software; program diagnostics; HTTP communication; PDF malware; VirtualBox environment; direct URL access; document sharing; dynamic analysis; multimedia files; portable document scanner; static analysis; Catalogs; Dictionaries; Malware; Portable document format; Streaming media; Virtual machining; PDF malware; dynamic analysis; static analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Engineering Conference (APSEC), 2011 18th Asia Pacific
Conference_Location :
Ho Chi Minh
ISSN :
1530-1362
Print_ISBN :
978-1-4577-2199-1
Type :
conf
DOI :
10.1109/APSEC.2011.41
Filename :
6130668
Link To Document :