2010 PDF security links: analyses and tools

After a year full of incidents involving the Portable Document Format (PDF), it is worth looking back and recalling some of the most important ones. Below is a list of links to analyses of malicious and/or obfuscated PDF documents, along with some tools that appeared in 2010. I hope you enjoy them! ;)

Analyses

2010-01-04: Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324 (embedded binaries)

2010-01-07: Static analysis of malicious PDFs (Part #2) (getAnnots, arguments.callee)

2010-01-09: PDF Obfuscation (variable substitution, LuckySploit, CVE-2008-2992)

2010-01-13: Generic PDF exploit hider. embedPDF.py and goodbye AV detection

2010-01-14: PDF Obfuscation using getAnnots() (getAnnots, arguments.callee, Neosploit)

2010-02-15: Filling Adobe's heap (JavaScript, ActionScript and images in PDFs)

2010-02-18: Malicious PDF trick: getPageNthWord

2010-02-21: Analyzing PDF exploits with Pyew

2010-03-01: Analyzing PDF Files (getPageNthWord, getPageNumWords)

2010-04-08: JavaScript obfuscation in PDF: Sky is the limit (getAnnots, arguments.callee)

2010-04-09: Malicious PDF file analysis: zynamics style (PDF Dissector video)

2010-04-22: Will there be new viruses exploiting /Launch vulnerability in PDF?

2010-05-18: Quickpost: More Malformed PDFs

2010-06-08: Analysis of a Zero-day Exploit for Adobe Flash and Reader (CVE-2010-1297)

2010-06-09: A brief analysis of a malicious PDF file which exploits this week’s Flash 0-day (malware, ROP)

2010-06-21: World's Smallest PDF

2010-07-02: Exploring recent PDF exploits: A Time Killer (getPageNthWord, CVE-2008-2992, CVE-2007-5659, CVE-2009-0927, CVE-2009-4324)

2010-07-13: ReCon slides – How to really obfuscate your PDF malware

2010-07-20: PDF time bomb (CVE-2008-2992, CVE-2007-5659, CVE-2009-0927)

2010-08-04: PDF Exploit: Number of pages is the Key (XOR, numPages, CVE-2007-5659, CVE-2009-0927, CVE-2009-4324)

2010-08-04: About the JailbreakMe PDF exploit

2010-08-12: More about the JailbreakMe PDF exploit (CVE-2010-1797)

2010-08-19: Anatomy of a PDF Exploit (AcroForm, TIFF, CVE-2010-0188)

2010-08-20: Analyzing CVE-2010-0188 exploits: The Legend of Pat Casey (Part 1)

2010-08-23: CVE-2010-1797 PDF exploit for Foxit Reader <= 4.0

2010-09-01: An approach to PDF shielding (encryption, object streams, nested PDF documents)

2010-09-13: Malicious PDF Challenges (getPageNumWords, getPageNthWord)

2010-09-17: The Rise of PDF Malware (whitepaper)

2010-09-26: Free Malicious PDF Analysis E-book

2010-10-02: Hiding PDF Exploits by embedding PDF files in streams and Flash ROP heapsprays (CVE-2010-2883)

2010-10-27: OMG WTF PDF - Julia Wolf (obfuscation, slides)

2010-10-28: CVE-2010-3654 Adobe Flash player zero day vulnerability

2010-10-28: New Adobe 0day (bug in flash player), CVE-2010-3654

2010-11-11: CVE-2010-4091 – printSeps - exploitation attempts

2010-12-03: CVE-2010-2883 with Flash JIT Spray (PDF in PDF) Event Invitation from The Heritage Foundation from spoofed Heritage address

2010-12-08: Scoring PDFs Based on Malicious Filter

2010-12-08: Released Malware Statistics and Scoring Tests

2010: A large number of analyses on the Contagiodump blog

Tools

2010-05-31: PDF Dissector

2010-07-21: PDF Stream Dumper

2010-08-23: Opaf

2010-08-31: PDF Examiner (web interface)

Note: Originally published on the S21sec blog