SAN JOSE, Calif. -- F-Secure has been monitoring a large mailing of malicious PDF files. These PDF files exploit a recent vulnerability. When such PDF files are viewed on vulnerable machines, they get infected.
An unknown party has been sending out tens of thousands of mails with subject-lines like:
- Your credit report
- Personal Financial Statement
- Your Credit File
- Balance Report
"We're worried about this case, as PDF attachments are typically not filtered at email gateways", says F-Secure's Chief Research Officer Mikko Hypponen. "Executable files are now stripped almost everywhere, but PDF is stripped almost nowhere. Also, a security update for Acrobat Reader was just made available few days ago, so there are tons of users who haven't had a chance to update yet".