PDF URIs
I was handed an interesting PDF document. It doesn't contain malicious code, yet it generates network traffic. Let me explain how this is achieved. Creating a PDF that makes an HTTP(S) connection to a website is easy. There's no need to use an exploit, not even JavaScript. You just have to use a URI object: …
Author: Didier Stevens
Malicious Document Targets Belgian Users
In this blog post I want to show how a malicious document (maldoc) behaves and how it can be analyzed with free tools. A couple of weeks ago many users in Belgium received an e-mail, supposedly from a courier company, informing them that a package was waiting for them (article in Dutch). This is an example …
