PDFs Led Malware Threats in Oct.

Malicious PDF files accounted for up to two thirds of infected email in three-day spam campaign

BOSTON -- IT security and control firm Sophos has revealed the most prevalent malware threats and countries causing problems for computer users around the world during October 2007.

The study, compiled by Sophos's global network of monitoring stations, has shown that a new Trojan horse, PDFex, which is typically spammed out in email messages with an infected Adobe Acrobat PDF attachment, has smashed its way into third position in the chart. The Trojan was widely spammed out in an attack during the last few days of October, taking advantage of an unpatched Windows vulnerability to infect innocent PCs.

"PDFex only started to circulate at the very end of the month, but still managed to account for more than 13 percent of all emailed malware during October. It was heavily spammed out between October 26-28, and during that period, it accounted for a staggering two-thirds, or 66 percent, of all malware spread via email," said Carole Theriault, senior security consultant at Sophos. "PDFs have long been used in business as a means of sharing information, so the social engineering trickery of using a PDF puts insufficiently protected businesses at risk. Adobe has issued an update to its Acrobat software that fixes the problem, and eyes are now turned to Microsoft to patch the underlying flaw in Windows, which could also affect other vulnerable applications such as Skype and Firefox."

Sophos plc

Editors' Choice
Nathan Eddy, Contributing Writer, Dark Reading
Jai Vijayan, Contributing Writer, Dark Reading
Andrada Fiscutean, Contributing Writer, Dark Reading