Tuesday, 30 October 2007

Malicious PDF Files Being Spammed out in Volume

Anti-virus and Security Company F-Secure said yesterday that is has been monitoring a large mailing of malicious PDF files which exploit a recent vulnerability and when viewed on vulnerable machines, get infected.

According to statement released, an unknown party has been sending out tens of thousands of mails with Subject-lines like:

Your credit report
Personal Financial Statement
Your Credit File
Balance Report

The mails contain no mail body, only an attachment called "report.pdf". When opened,
the PDF file uses the CVE-2007-5020 vulnerability via Acrobat Reader and IE7 and
downloads further malware from a server in Malaysia. The target of the malware seems
to be to create a botnet of infected machines to be used for further malicious activity.

"We're worried about this case, as PDF attachments are typically not filtered at email
gateways,” says F-Secure's Chief Research Officer Mikko Hypponen.

"Executable files are now stripped almost everywhere, but PDF is stripped almost nowhere.”

"Also, a security update for Acrobat Reader was just made available few days ago, so
there are tons of users who haven't had a chance to update yet.”

F-Secure Anti-Virus detects the report.pdf malware as Exploit: W32/AdobeReader.K.