We've covered targeted attacks manytimesin the past and we've also covered PDF and vulnerabilities in Adobe Acrobat/Reader being used to install malware. So we decided to take a look at targeted attacks and see which file types were the most popular during 2008 and if that has changed at all during 2009.
In 2008 we identified about 1968 targeted attack files. The most popular file type was DOC, i.e. Microsoft Word representing 34.55%.
So far in 2009 we have discovered 663 targeted attack files and the most popular file type is now PDF. Why has it changed? Primarily because there has been more vulnerabilities in Adobe Acrobat/Reader than in the Microsoft Office applications. Like the two vulnerabilities we mentioned a week ago. These are scheduled to be fixed by Adobe on May 12.
More info about targeted attacks and how they work can be found in the Lab's YouTube video.