Hackers exploit Adobe vulnerability

Posted by Emma Woollacott

Hackers have been attempting to exploit an unpatched hole in Adobe Reader's PDF document format using a variant of the infamous Zeus bot.

It comes in the form of a malicious PDF file that embeds the attack code in the document.

"When this PDF is opened In Adobe Reader with JavaScript enabled, the exportDataOject function causes a dialog box to be displayed asking the user to 'specify a file to extract to'," says Gavin Neale of M86 Security.

"The default file is the name of the attachment, Royal_Mail_Delivery_Notice.pdf. This could be somewhat confusing to users, and not really knowing what is happening, they may just click save (It appears as if they are just saving a PDF file after all). Users of Foxit PDF reader will get no warning and the attachment will be saved to the users Documents folder."

Adobe hasn't given the hole a critical rating because Reader does issue a warning. But Ben Hubbard, CTO of Websense, told PC Advisor that this would have limited value as people tend to trust PDFs.

"No one is blanket-blocking PDFs at the gateway. There's so much business value in PDFs, and they're very pervasive," he said.

There have been thousands of attacks using this technique, and they are still continuing, says Neale.