PDF Files and Flash Ads Can Contain Malicious Code

Flash and PDF files on the Internet can contain hidden malicious code that's so sophisticated that most antivirus software won't detect the attacks even after they infiltrate vulnerable computers, according to a report released by the company Finjan, a provider of Web gateway and content-inspection solutions.

On Sept. 23, 2008, Finjan released its Malicious Page of the Month report detailing how malevolent hackers use Web 2.0 technologies to infest operating systems with the latest malware. The report's data, compiled by the company's Malicious Code Research Center, tracks the evolution of "obfuscated code," or code that is encrypted so well by its authors that it's difficult to recognize. This code can be built into Flash and PDF files by people with bad intentions.

"This vulnerability will enable them to gain access to our local disk so they can install their Trojan horse or keylogger software," said Yuval Ben-Itzhak, Finjan's chief technology officer. This gives them the opportunity to slip in undetected and wreak havoc.