New PDF Attack Making the Rounds
October 23, 2007
With today's operating systems providing more security controls than ever, malicious hackers are turning to unpatched applications as a way to infiltrate users' systems. This week, a malicious PDF document that exploits security flaws in Adobe's popular Adobe Reader and Acrobat software, and in Internet Explorer on Windows XP and 2003, is making its way across the Internet, threatening to compromise PCs around the globe.
Adobe has already fixed the flaw and shipped a free update on Monday for users of the latest versions of its software. But many Adobe customers don't regularly update their software--or, in millions of cases, don't even remember that the software is on their PCs. And Adobe has yet to ship an update for older versions of Reader and Acrobat. All of those users are still at risk.
But Adobe isn't completely to blame. The attack also takes advantage of a mailto: flaw in the IE 7 version for Windows XP and 2003 to spam out the malicious document as an email attachment. The document typically has a name like YOUR_BILL.pdf or INVOICE.pdf, and launches a Trojan horse attack called Pidief.a when the document is opened. This Trojan shuts down the PC's firewall and downloads other malware directly to the PC, thus compromising the machine and putting it under the control of remote hackers.
While Microsoft plans an IE patch and Adobe has pledged to update earlier Reader and Acrobat versions, a little common sense will go a long way towards combating this problem. As is always the case, users are cautioned against opening unexpected email attachments from unknown senders. And systems administrators are advised to temporarily block the delivery of PDF files via email attachment.
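For administrators putting that temporary block in place, the sketch below is an added example, not code from Adobe, Microsoft or the original article. It flags PDF attachments in a raw message by file name, declared MIME type and the PDF header in the content, so the filter does not rely on the name alone; the function names and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

PDF_MAGIC = b"%PDF-"

def pdf_attachments(raw_bytes):
    """Return (filename, reasons) for every MIME part that looks like a PDF."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().endswith(".pdf"):
            reasons.append("extension")
        if part.get_content_type() == "application/pdf":
            reasons.append("content-type")
        # Adobe's readers accept the header anywhere in the first 1024 bytes,
        # so search that window instead of only offset 0.
        if PDF_MAGIC in payload[:1024]:
            reasons.append("magic")
        if reasons:
            hits.append((name, reasons))
    return hits

def should_quarantine(raw_bytes):
    """Policy hook (hypothetical): hold any message carrying a PDF part."""
    return bool(pdf_attachments(raw_bytes))

def _sample(filename, subtype, data):
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    m.add_attachment(data, maintype="application", subtype=subtype,
                     filename=filename)
    return m.as_bytes()

# Constructed samples: a plainly labelled PDF, PDF content under another
# name and type, and a non-PDF attachment.
SAMPLE_PDF = _sample("INVOICE.pdf", "pdf", b"%PDF-1.4\n%%EOF\n")
SAMPLE_RENAMED = _sample("report.doc", "octet-stream", b"\n%PDF-1.4\n%%EOF\n")
SAMPLE_CLEAN = _sample("notes.bin", "octet-stream", b"plain bytes, no header")
```
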