Scenario 1: Scripted Malware in PDF

OVERVIEW: Scripted malware is a document in which an attacker has concealed a script. The file usually looks normal; the attacker relies on legitimate features of the viewing application (embedded JavaScript, macros, action triggers) to run the script for them.

BUSINESS PROBLEM: Employees may unknowingly launch malware simply by opening a file, by moving the mouse over part of a document (a common trigger in Adobe PDF, where an annotation can carry a mouse-over action), or by following prompts such as enabling macros.

THREAT: Scripted malware is not new, and some defences stop the well-known variants easily. However, Deep Secure has shown that detection alone is not a safe assurance: many of the samples in this section have been submitted to VirusTotal and receive a "clean" score.

SAMPLE 1:

Trade Price List


TEST USING GX PLATFORM:

With CTR DISABLED
(i.e. the ICAP profile is disabled on the Web Proxy, or the proxy is manually bypassed in the browser)

  • Download the original file and save it locally

With CTR ENABLED

  • Download the file again and save it locally
  • Now compare the two files
  • Notice that the green bar has been removed from the document that has been transformed

OUTCOME

  • Move your mouse over the "green bar" in the original downloaded file
  • The bar carries an embedded script that fires on mouse-over
  • When the file is transformed by the GX, this script is not carried across to the new file: the threat is removed without any detection taking place
  • Comparing the file sizes also shows that CTR created new data: the transformed file is newly generated content built to carry the information to the user, not the original bytes with the script cut out
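The check a practitioner would want when comparing the two downloads, as an added example that is not part of the original page and not a Deep Secure tool: a small Python triage scanner that locates inline PDF JavaScript actions, reports the user event that fires each one (mouse-over included), and compares the original against the transformed copy. Both PDFs are constructed inside the block to mirror the scenario (a green Square annotation with an /AA /E action in the original; the annotation absent from the transformed copy), so it runs offline; all function names are assumptions. It reads raw bytes with regular expressions, so it only sees objects stored uncompressed: real samples often hide the action inside a FlateDecode stream or object stream, so inflate those first (for example with pdf-parser.py) before scanning.

```python
import re
from dataclasses import dataclass

# Constructed sample (not one of the page's samples): a one-page PDF whose "green
# bar" is a Square annotation with a green interior colour (/IC) and an additional-
# actions dictionary (/AA) whose /E entry runs JavaScript on mouse enter.
# The xref table is omitted; the scanner works on raw bytes and does not need it.
ORIGINAL_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Square /Rect [50 700 560 730] /IC [0 1 0]
  /AA << /E << /S /JavaScript /JS (app.alert('mouse-over payload')) >> >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed stand-in for the transformed download: the same page with the
# annotation object and the /Annots reference removed (the green bar is gone).
TRANSFORMED_PDF = re.sub(rb"4 0 obj.*?endobj\n", b"", ORIGINAL_PDF, flags=re.DOTALL
                         ).replace(b" /Annots [4 0 R]", b"")

# Additional-actions keys (PDF 32000-1, 12.6.3) plus the document-level
# /OpenAction, mapped to the user event that fires the action.
TRIGGERS = {
    b"OpenAction": "document opened", b"O": "page opened", b"C": "page closed",
    b"E": "cursor enters annotation area (mouse-over)", b"X": "cursor leaves it",
    b"D": "mouse button pressed on annotation", b"U": "mouse button released",
}

# A trigger key followed directly by an inline JavaScript action dictionary;
# the dict group stops at the first ">>", which is enough for triage.
ACTION_RE = re.compile(
    rb"/(?P<trigger>OpenAction|E|X|D|U|O|C)\s*<<\s*/S\s*/JavaScript\b(?P<dict>.*?)>>",
    re.DOTALL,
)

@dataclass
class ScriptAction:
    trigger: str   # PDF key, e.g. "/E"
    fires_on: str  # user event, from TRIGGERS
    script: str    # decoded /JS value, or a note on where it lives

def _read_literal(buf: bytes) -> bytes:
    """Contents of the literal string starting at buf[0] == b"(", honouring
    backslash escapes and balanced nested parentheses (PDF 32000-1, 7.3.4.2)."""
    depth, i, out = 0, 0, bytearray()
    while i < len(buf):
        c = buf[i:i + 1]
        if c == b"\\":          # keep the escape pair verbatim
            out += buf[i:i + 2]
            i += 2
            continue
        depth += (c == b"(") - (c == b")")
        if depth == 0:          # matching close paren reached
            return bytes(out)
        if i > 0:               # everything after the opening paren is content
            out += c
        i += 1
    return bytes(out)           # unterminated string: return what was read

def _decode_js(action_dict: bytes) -> str:
    """Decode the /JS value: literal string, hex string or indirect reference."""
    m = re.search(rb"/JS\s*", action_dict)
    if m is None:
        return "<no /JS entry>"
    rest = action_dict[m.end():]
    if rest.startswith(b"("):
        return _read_literal(rest).decode("latin-1")
    if rest.startswith(b"<"):   # hex string, a cheap way to hide keywords
        end = rest.find(b">")
        digits = re.sub(rb"\s", b"", rest[1:(end if end != -1 else len(rest))])
        digits += b"0" * (len(digits) % 2)   # a missing final digit reads as 0
        return bytes.fromhex(digits.decode("ascii")).decode("latin-1")
    ref = re.match(rb"\d+\s+\d+\s+R", rest)
    return "indirect object " + ref.group().decode("ascii") if ref else "<unparsed /JS value>"

def find_script_actions(pdf_bytes: bytes) -> list:
    """Every inline JavaScript action together with the event that triggers it."""
    return [
        ScriptAction(
            trigger="/" + m.group("trigger").decode("ascii"),
            fires_on=TRIGGERS[m.group("trigger")],
            script=_decode_js(m.group("dict")),
        )
        for m in ACTION_RE.finditer(pdf_bytes)
    ]

def compare_downloads(original: bytes, transformed: bytes) -> dict:
    """The check behind the procedure above: the transformed copy must carry no
    script action, whether or not anything was ever 'detected'."""
    before, after = find_script_actions(original), find_script_actions(transformed)
    return {
        "original_actions": len(before),
        "transformed_actions": len(after),
        "size_delta_bytes": len(transformed) - len(original),
        "script_removed": bool(before) and not after,
    }
```

To run it against the two real downloads, read each file in binary mode and pass the bytes to compare_downloads; find_script_actions on the original names the trigger (/E for the green bar) and shows the decoded script, and a result with transformed_actions at zero and script_removed True is the evidence that the action did not survive transformation. A non-zero size_delta_bytes on its own proves only that the bytes changed, which is why the action count, not the size, is the assertion to rely on.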