The Portable Document Format, or PDF for short, has always been a popular way of distributing documents. It’s no surprise then that cybercriminals have tried to use it as a means of spreading malicious files.
Yesterday, the Shadowserver Foundation underlined the severity of this problem when they released details about a new vulnerability in versions of both Adobe Acrobat and Adobe Reader. Folks at Adobe assured users that they are working on a patch, to be released in March.
Trend Micro already detects files that exploit the new vulnerability as TROJ_PIDIEF.IN. These specially crafted PDF files crash Acrobat and/or Reader, but not before they drop malicious files onto the affected system. The exact malware that is dropped varies, but includes backdoors like BKDR_NETCL.A, and other software exploits like EXPL_EXECOD.A. The potential of an exploit like this is only limited by the imagination of cybercriminals. The malicious files spread the same way normal PDF files are distributed: either as an email attachment or as a download from Websites.
Update as of 22 February 2009, 7PM PST
Figure 1. How to disable Adobe JS.
More information on this vulnerability, as well as all the related malware, can be found on the Trend Micro security advisories page.