This morning Malware Domain List tweeted a malicious PDF with a 0/57 detection rate: it was, and still is, not detected as malware by any AV product on VirusTotal.com:
The PDF has the following attributes:
Original filename: 2015-03-05Label.pdf
Size: 96697 bytes
Content type: PDF document, version 1.5
Loading the PDF into PDFExaminer does detect an exploit. It is actually more of a "feature" of PDF, the ability to link to external content; however, linking to a remote EXE is always bad and probably should be detected in the PDF:
Drilling down to the malicious object in PDFExaminer reveals an external hyperlink to a remote executable:
Now opening the PDF reveals how a user could be exploited, but they still need to click a malicious link to download and execute the malware. So while AV may not protect you from this attack vector initially, about half the AV products tested will detect the downloaded remote executable. User education to avoid clicking suspicious links is a key defence here.
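One way to implement the check argued for above, flagging a PDF link action whose target is a remote executable, including links packed into compressed PDF 1.5 object streams. This is an added example, not PDFExaminer's code or part of the original analysis; the extension list, function names and sample document are assumptions constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlparse

# Extensions treated as executable downloads (assumed list; tune to local policy).
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".jar")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
# /URI followed by a literal string "(...)" or a hex string "<...>".
URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)


def _chunks(data):
    """Yield the raw bytes, then every stream body that inflates (e.g. object streams)."""
    yield data
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-compressed; other filters are out of scope here


def extract_uris(data):
    """Return every /URI action target found in raw or inflated PDF content."""
    uris = []
    for chunk in _chunks(data):
        for literal, hexstr in URI_RE.findall(chunk):
            if hexstr:
                digits = b"".join(hexstr.split())
                raw = bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode())
            else:
                raw = re.sub(rb"\\(.)", rb"\1", literal, flags=re.S)  # drop escapes
            uris.append(raw.decode("latin-1"))
    return uris


def find_remote_executables(data):
    """Flag link targets whose URL path ends in an executable extension."""
    parsed = ((u, urlparse(u)) for u in extract_uris(data))
    return [u for u, p in parsed
            if p.scheme in ("http", "https", "ftp") and p.path.lower().endswith(RISKY_EXT)]


# Constructed sample (not the PDF from this post): one plain benign link and
# one link to a remote EXE inside a Flate-compressed object stream.
_hidden = b"5 0 obj << /Subtype /Link /A << /S /URI /URI (http://example.invalid/label.exe) >> >>"
SAMPLE = (b"%PDF-1.5\n4 0 obj << /A << /S /URI /URI (http://example.invalid/help.html) >> >> endobj\n"
          b"6 0 obj << /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(_hidden) + b"\nendstream\nendobj\n%%EOF\n")
```

Calling `find_remote_executables(open(path, "rb").read())` on a file returns the flagged URLs; encrypted documents and filters other than Flate are not handled by this sketch.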
The PDF contents:
AV detection for the remote executable linked to from this PDF is 25/57:
And finally, you can use PDFExaminer online, for free, to detect this and other potential threats in PDF documents.