Yuletide PDF gymnastics
Whilst browsing some reports yesterday, I noticed an unexpected detection at the top of the charts. Over the past few days, Troj/PDFJs-ER is neck and neck with Mal/Iframe-F as the most prevalent item of malware currently being detected on web sites.
A quick peek at the URLs for the PDFs reveals a whole host of new domains, just registered in the past few days. Curious, I grabbed a few samples and set about digging further into the attack…
Continues at SophosLabs blog