Adobe Flash, PDF and Oracle Java “most dangerous” file types

By Graeme Burton
09 Dec 2013

Adobe Flash, PDF and "all versions" of Oracle Java files are the most dangerous attack vectors for Windows-based PCs.

That is the conclusion of a long-term study by independent security consultant AV Test.

Flash, PDF and Java together account for two-thirds of Windows vulnerabilities exploited by malware.

"Such weaknesses enable Trojans and other forms of malware to invade PC systems, in some cases in an unstoppable manner," warns the report.

"Users who rarely update their software and use insufficient security software have virtually no chance when faced with specially prepared malware," it continues.

Adobe Acrobat, in particular, has become a widely targeted attack vector for writers of "exploits" because the Acrobat Reader application is almost ubiquitous among Windows users.

In total, AV Test has recorded almost 37,000 different exploits for Adobe Acrobat, followed by the first version of Java with 31,000. The third program, Adobe Flash, recorded more than 20,000 different exploits.

"Adding together all of the attackers that are currently threatening the different versions of Java results in an overall total of more than 82,000 attackers, thus making Java the top vulnerability for exploit attacks," claims AV Test.

In most cases, up-to-date anti-virus and personal firewall software can protect against the threats posed by such exploits in a number of ways.

First, by detecting browser JavaScript designed to check whether vulnerable software is present as part of a "drive-by" attack.

Second, the anti-virus software ought to be able to identify the exploit itself, which will normally be sent in the form of a Java JAR, Adobe Flash or PDF file, depending on the vulnerability identified.

"Even if a security suite does not immediately detect an attacker, it is still able to analyse the file in the cloud and categorise it accordingly," claims AV Test.

If the exploit code remains undetected at this stage, it will seek to download the actual malware and install it on the PC in the form of an .EXE file. In this case, the anti-virus on-access and heuristic detection ought to (belatedly) detect the attack.

Other Windows file formats that are constantly targeted by attackers include .WMF, .ANI and .JPG images, as well as ActiveX, Windows Help Center and Internet Explorer, "which exhibit vulnerabilities susceptible to attacks by special exploit versions time and time again".

Windows XP users will therefore be exposed when support ceases in April 2014.

Mac users, on the other hand, are an increasingly open target as both Java and Flash also run on Macs, and Mac users are widely regarded as more affluent than PC users and, therefore, a good target. The Flashback Trojan in 2012, for example, targeted Mac OS X by exploiting a flaw in Java. The "botnet" built around Flashback quickly ballooned to 600,000 compromised Macs.

The Flash security problem may soon be solved with an initiative of the Mozilla Foundation to effectively emulate Flash in HTML 5, but the Java security risk will remain open for some time, warns AV Test, especially with Java now embedded in so many different devices.
