New Bulls-eye for Targeted Attacks: PDFs
Targeted attacks are small-scale, carefully crafted assaults against a particular person or organization that typically pose a much greater threat than the average attack. And this year, they're all about PDFs.
Antivirus maker F-Secure posted today that of the 663 targeted attacks it has seen so far this year, 48.87 percent of them used PDF files. Last year Microsoft Word files were most commonly used, at 34.55 percent, with PDFs at second with 28.61 percent. Targeted attacks typically use a carefully crafted e-mail, often personally addressed, with a malicous file attachment that will launch a behind-the-scenes attack when opened.
The company says the shift happened because of the large number of discovered vulnerabilities in Adobe Acrobat and Reader. In February, one such hole was used in a targeted attack. Adobe acknowledged another critical hole last Friday.
A couple of weeks ago, F-Secure's Mikko Hypponen recommended ditching Adobe Reader in favor of lesser-known (and less attacked) free alternatives. He likely had this kind of data in mind when he said "Adobe Reader is the new Internet Explorer."