2011 18th Asia-Pacific Software Engineering Conference (2011)
Ho Chi Minh, Vietnam
Dec. 5, 2011 to Dec. 8, 2011
ISSN: 1530-1362
ISBN: 978-0-7695-4609-4
pp: 41-48
Today, PDF is a widely used application for sharing documents. Some of the important factors in its popularity are its platform independence and rich digital offerings, such as the ability to include multimedia files, direct URL access and HTTP communication. However, its wide acceptance among the user community has also attracted attackers to develop and spread malware using PDF files. Most existing security tools are not equipped to deal with PDF-related attacks. In this paper, we present different techniques that an attacker can use to generate PDF attacks. We then propose the portable document scanner (PDSCAN), which can detect the attacks by analyzing the suspicious objects and scripts embedded in the documents. PDSCAN makes use of dynamic and static analysis techniques to deal with the malware. Finally, we present a detailed analysis of a malicious PDF file in a VirtualBox environment.
PDF malware, static analysis, dynamic analysis

