The PDF file format has become a popular file format since its release as an open standard. Its portable nature, extensive feature list, and availability of free tools to read and author them have made it a de-facto standard for printable documents on the Web. As it gained more popularity among general users, malware authors recognized the opportunity to use PDF's for malicious purposes. As with Microsoft Office documents in the past, the PDF file format has become a target for malware authors and is currently being widely exploited as a means to deposit malware onto computers.
In this paper we discuss the current PDF threat landscape, current vulnerabilities being exploited in PDF documents, methods employed by malware authors, trends seen in malicious PDF usage, outline Symantec's detection names and their meaning, and discuss various techniques that are being used by malware authors to make detection more difficult. We will also outline some preventative measures users can take to avoid infection.