Last week, I presented at VB2010 a talk that was well received in the room and on the wires. A number of people have requested copies of or links to my presentation and paper. I give five heuristics for detection and/or more in-depth parsing of malicious PDF files. I gather a corpus of 130 000 PDF files, of which half were malicious. For the presentation I gathered a larger corpus (concentrating on files with JavaScript) and that gave:. The definition of malicious differs the first overly agreesive and the second less so.”]
Source: https://nakedsecurity.sophos.com/2010/10/08/malicious-pdfs-points-vb2010-presentation/