Title of invention: Systems and methods for detecting malicious PDF network content
Abstract: Systems and methods for detecting malicious PDF network content are provided herein. According to some embodiments, the methods may include at least the steps of examining received PDF network content to determine if one or more suspicious characteristics indicative of malicious network content are included in the PDF network content, providing PDF network content determined to include at least one suspicious characteristic to one or more virtual machines, and analyzing responses received from the one or more virtual machines to verify the inclusion of malicious network content in the PDF network content determined to include at least one suspicious characteristic.
Publication number: US8997219(B2) Publication date: 2015.03.31
Application number: US201113011344 Filing date: 2011.01.21
Applicant: FireEye, Inc. Inventors: Staniford Stuart Gresley; Aziz Ashar
Classification: H04L29/06; G06F21/56 Main classification: H04L29/06
Agency: Blakely, Sokoloff, Taylor & Zafman LLP Agent: Blakely, Sokoloff, Taylor & Zafman LLP
Principal claim: 1. A method comprising: adapting, by a digital device, a portable document format (PDF) parser to evaluate a PDF document received over a network, the PDF parser to (i) examine a portion of a body section of the PDF document where the portion of the body section of the PDF document is lesser in size than an entirety of the body section of the PDF document and (ii) determine if one or more suspicious characteristics indicative of malicious network content are included in the portion of the body section of the PDF document; and when the portion of the body section of the PDF document is determined to include one or more suspicious characteristics indicative of malicious network content, providing the portion of the body section of the PDF document to one or more virtual machines associated with the digital device to verify the inclusion of malicious network content in the portion of the body section of the PDF document, and wherein verification of the inclusion of the malicious network content comprises execution of a PDF reader application by the one or more virtual machines to process the portion of the body section of the PDF document so as to determine if the portion of the body section of the PDF document includes malicious network content.
Address: Milpitas CA US