A new form of hacking has been discovered that allows cybercriminals to carry out cross-site scripting attacks from within PDF files.

PDF files have been a favourite tool of hackers for some time, used to run phishing attacks and distribute malware. In a lot of cases, emails are sent with PDF file attachments that include hyperlinks to malicious websites. By placing these URLs in the files instead of the body of the email message, it is harder for security solutions to spot those malicious links.

This more recent form of hacking also includes the use of PDF files, but instead of tricking employees into handing over their login details or visiting a malicious website where malware is downloaded, the hackers attempt to obtain sensitive information included in PDF files.

The technique is similar to those deployed by hackers in web application attacks. Cross-site scripting attacks – or XSS attacks for short – normally involve injecting malicious scripts into authentic websites and applications. When a user views the website or the hacked application, the script runs. The scripts give the hackers access to user information such as cookies, session tokens, and sensitive data saved in browsers, such as passwords. Since the website or application is genuine, the web browser will not identify the script as malicious. These attacks are possible in websites and web applications where user input is used to create output without correctly validating or encoding it.

A similar technique has been shown to also work within PDF files and is used to inject code and record data. This is done by taking advantage of escape characters such as parentheses, which are often used to accept user input. If the input is not validated correctly, hackers can place malicious URLs or JavaScript code into the PDF files. Even injecting a malicious URL can be enough to record data in the document and exfiltrate it to the attacker-controlled website, as was shown at the Black Hat online conference this month.

What sort of data could be stolen in such an attack? A massive amount of sensitive data is included in PDF files. PDF files are used extensively for reports, statements, logs, e-tickets, receipts, boarding passes, and a lot more. PDF files may include passport numbers, driver’s license numbers, bank account data, and a variety of other sensitive data. The presenters at the conference said that they discovered some of the largest libraries of PDF files globally were susceptible to XSS attacks.

For the most part, the flaws in PDF files that allow XSS attacks are not due to the PDF files themselves, but to incorrect coding. If PDF libraries fail to properly parse code of escape characters and allow unprotected formats, they will be susceptible. Luckily, Adobe made available an update on December 9 which stops this type of security vulnerability from being targeted, although firms that create PDF files must update their software and apply the update to be secured.
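The escaping step described above, as an added example that is not code from the original article or from any PDF library: user input placed in a PDF literal string must have its backslashes and parentheses escaped, otherwise it can end the string early and add its own keys. The function names and the sample input are constructed for illustration.

```python
def escape_pdf_literal(text: str) -> str:
    """Escape the characters that are special inside a PDF literal string ( ... )."""
    replacements = {"\\": "\\\\", "(": "\\(", ")": "\\)", "\r": "\\r", "\n": "\\n"}
    return "".join(replacements.get(ch, ch) for ch in text)


def uri_action_unsafe(url: str) -> str:
    # Weak form: user input is pasted between the parentheses unchanged.
    return f"<< /Type /Action /S /URI /URI ({url}) >>"


def uri_action_safe(url: str) -> str:
    # Hardened form: input is escaped, so it cannot close the string.
    return f"<< /Type /Action /S /URI /URI ({escape_pdf_literal(url)}) >>"


def literal_strings(obj: str) -> list[str]:
    """Minimal scanner: raw contents of each top-level literal string,
    honouring backslash escapes and nested balanced parentheses."""
    found, current, depth, i = [], [], 0, 0
    while i < len(obj):
        ch = obj[i]
        if depth and ch == "\\" and i + 1 < len(obj):
            current.append(obj[i:i + 2])   # escaped character stays in the string
            i += 2
            continue
        if ch == "(":
            if depth:
                current.append(ch)
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
            if depth == 0:
                found.append("".join(current))
                current = []
            else:
                current.append(ch)
        elif depth:
            current.append(ch)
        i += 1
    return found


# Constructed sample input: a URL value carrying an unescaped closing parenthesis.
SAMPLE = "https://example.com/) /Injected (x"

if __name__ == "__main__":
    print(literal_strings(uri_action_unsafe(SAMPLE)))  # input split into two strings
    print(literal_strings(uri_action_safe(SAMPLE)))    # input stays one string
```

A generator can run the same scanner over its output as a regression check: each user-supplied field should come back as exactly one literal string.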

This is just one way that malicious attachments can be leveraged to steal sensitive data. As was referred to earlier, malicious macros are often added to office documents, executable files are added as attachments to emails and pretend to be legitimate files, and malicious code can be injected into a variety of different file types.

One of the best ways to secure your network from attacks via email using malicious attachments is to use an advanced email security solution that can spot not just known malware but also never-before-seen malicious code. This is an area that is a speciality of SpamTitan Email Security. SpamTitan uses dual anti-virus engines (Bitdefender/ClamAV) to block recognized malware threats and sandboxing to spot malicious code that has been placed in email attachments. Files are put through rigorous analysis in the security of the sandbox and are checked for any malicious intent.

Contact TitanHQ to discover more about making your organization safe from malicious emails and malware.