As reported by Computerworld, the Zeus botnet is currently using an unpatched flaw in the Adobe PDF document format to infect users’ PCs with malicious code.
These attacks were predicted by experts once the “/launch” design flaw in PDF documents became known.
Upon opening the rogue PDF file, users are asked to save a PDF file, e.g. “Royal_Mail_Delivery_Notice.pdf”, yet, said file actually is a Windows executable that hijacks the PC when it runs.
Sadly enough, this is – strictly speaking – not even an actual security vulnerability, but rather a by-design function of Adobe’s specifications which can even exploit fully-patched versions of Adobe Reader and Adobe Acrobat.
To make matters worse, this issues was already raised in August 2009 and presented at the Black Hat USA conference.
Detailed instructions on how to remedy this situation area available in this Adobe Reader Blog entry.
For assistance in implementing Adobe’s workaround and/or for help with reviewing your computer system security and protective measures, contact us today.
