Encoding malicious PDFs avoids detection
Security researcher Brandon Dixon has found that attackers can evade detection by most common anti-virus products simply by wrapping a malicious PDF in the XDP (XML Data Package) format. XDP is an XML-based container format in which the PDF is carried as a Base64-encoded data stream. Adobe Reader opens an XDP file just as it would a normal PDF, decoding the embedded document and rendering it, so an exploit inside the embedded PDF fires exactly as it would in the unwrapped file. A scanner that matches signatures against the raw file bytes, however, sees only XML and Base64 text and never the PDF structures it is looking for.
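To make the evasion concrete, the following added example (written for this page, not code from the article or from Dixon's research) wraps a constructed, benign PDF in an XDP envelope and shows that a naive string-signature check finds nothing in the wrapped file, while the same check succeeds once the Base64 chunks are unwrapped. The element and namespace names follow Adobe's published XDP specification as I recall it (`xdp:xdp`, `pdf`, `document`, `chunk`); treat them as an assumption to verify against the spec version you target. The sample PDF and the signature list are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Namespaces as given in Adobe's XDP specification (assumption: recalled from the
# spec, verify against the version you target).
XDP_NS = "http://ns.adobe.com/xdp/"
PDF_NS = "http://ns.adobe.com/xdp/pdf/"

# Constructed sample: a minimal PDF whose /OpenAction runs a harmless JavaScript
# snippet. It exists only to give a signature scanner something to match.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >> endobj
4 0 obj << /S /JavaScript /JS (app.alert('hello');) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Illustrative content signatures of the kind a byte-matching engine would use.
SIGNATURES = [b"/JavaScript", b"/OpenAction", b"/Launch"]


def wrap_pdf_in_xdp(pdf: bytes, line_width: int = 76) -> bytes:
    """Embed a PDF in an XDP envelope: Base64 text inside a <chunk> element."""
    b64 = base64.b64encode(pdf).decode("ascii")
    lines = "\n".join(b64[i:i + line_width] for i in range(0, len(b64), line_width))
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f'<xdp:xdp xmlns:xdp="{XDP_NS}">\n'
        f'  <pdf xmlns="{PDF_NS}">\n'
        '    <document>\n'
        f'      <chunk>\n{lines}\n      </chunk>\n'
        '    </document>\n'
        '  </pdf>\n'
        '</xdp:xdp>\n'
    ).encode("utf-8")


def match_signatures(data: bytes) -> list:
    """Return the signatures present in the raw bytes, in SIGNATURES order."""
    return [sig.decode("ascii") for sig in SIGNATURES if sig in data]


def extract_pdfs_from_xdp(data: bytes) -> list:
    """Return every PDF carried inside an XDP container, decoded from its chunks.

    Returns [] when the input is not XDP (not well-formed XML, wrong root element,
    or no decodable <pdf> payload). Multiple <chunk> elements are concatenated and
    whitespace is ignored, as Base64 line breaks are not significant.
    """
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return []
    if root.tag != f"{{{XDP_NS}}}xdp":
        return []
    pdfs = []
    for doc in root.iter(f"{{{PDF_NS}}}document"):
        b64 = "".join((chunk.text or "") for chunk in doc.iter(f"{{{PDF_NS}}}chunk"))
        b64 = "".join(b64.split())
        if not b64:
            continue
        try:
            decoded = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # Reader tolerates junk before the header, so look within the first 1 KiB.
        if b"%PDF" in decoded[:1024]:
            pdfs.append(decoded)
    return pdfs


def scan(data: bytes) -> dict:
    """Scan the raw bytes, then scan any PDF unwrapped from an XDP container."""
    result = {"raw": match_signatures(data), "unwrapped": []}
    for pdf in extract_pdfs_from_xdp(data):
        result["unwrapped"].extend(match_signatures(pdf))
    return result


if __name__ == "__main__":
    wrapped = wrap_pdf_in_xdp(SAMPLE_PDF)
    print("plain PDF :", scan(SAMPLE_PDF))
    print("XDP-wrapped:", scan(wrapped))
```

The lesson for detection engineering is in `scan`: a file-type-aware unwrapping step has to run before content signatures are applied, and the unwrapped payload must then be handed to the same PDF analysis as a bare PDF. For untrusted XML in production, parse with a hardened library such as `defusedxml` rather than the bare `xml.etree` shown here.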
It has been common knowledge for a while that anti-virus software is relatively easy to fool, but that a simple encoding does the trick is still surprising. Dixon's test document, which exploits a two-year-old security vulnerability in Adobe Reader, was detected by only one anti-virus package in his tests. After experimenting further with the XDP format, he was able to create another file that fooled all 42 anti-virus engines then used by VirusTotal.