A specially crafted .PDF file, detected by Trend Micro as TROJ_PIDIEF.ASP, was recently found to be hosted by several Indian, Thai, and New Zealand websites.

The Trojan takes advantage of critical vulnerabilities in Adobe Reader 9.1.3 and Acrobat 9.1.3; Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh, and UNIX; and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh. These vulnerabilities can cause the application to crash and can potentially allow an attacker to take control of an affected system. Adobe has thus advised users to patch their systems and download the necessary updates.

The Trojan belongs to an old but notable malware family known as “ASProx,” which plagued the Web last year. It was so notable that it made its way to Trend Micro’s Top 8 in 2008 list.

Most ASProx variants, including this most recent one, exhibited the same payload. They first compromised several websites. Visiting the said sites then triggerred redirections to various malicious URLs that ultimately led to the download of more malicious files.

The recent reemergence of the ASProx code or the cybercriminals behind it may not have brought anything new to the table but it is noteworthy in that this attack seemingly brought the botnet back from the dead after almost a year of inactivity.

Users, as usual, are thus warned to refrain from opening suspicious-looking files. They are also strongly advised to patch their systems regularly to avoid becoming prey to vulnerability exploits.

Trend Micro Smart Protection Network™ protects users from this threat by blocking access to malicious URLs and preventing the download of malicious files. Mac users are also protected through Trend Micro Security for Mac and Smart Surfing for Mac.

Non-Trend Micro product users, on the other hand, can also stay protected with Housecall, Trend Micro’s highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plugins, and other malware.

Important correction, posted October 16, 2009: TROJ_PIDIEF.ASP exploits vulnerabilities cited in CVE-2009-0927 and CVE-2007-5659, not the previously posted vulnerability discussed in the second paragraph above. We apologize for any confusion caused by this oversight. Adobe users should enable the auto-update feature in their product to receive patches that address these vulnerabilities.