Attack follows Acrobat update

Stephen Withers
Thursday, 25 October 2007 03:15

Your IT - Home IT

Windows users who failed to apply this week's update to Adobe Acrobat and Reader are being targeted by criminal elements. Malformed PDF files purporting to be invoices or other financial documents are arriving in spam emails. If the files are opened on an unpatched system with Internet Explorer 7 on Windows XP or Server 2003, the exploit disables the Windows Firewall, then fetches a downloader program which in turn installs a rootkit.

According to reports, at least one of the servers involved in the attack is associated with the Russian Business Network, a group that has been linked to other major malware outbreaks.

"So far we have seen a fair number of emails containing this new Trojan in the wild," said Hon Lau, senior security response manager at Symantec. "It is likely that Trojan.Pidief.A has been spammed out in targeted attacks on specific business organizations."

Hon Lau and other experts are recommending that users apply Adobe's patch promptly, update their antivirus definitions, and treat incoming PDF attachments with particular caution.