PDF files under attack
On Monday, Adobe released a patch for versions 8.1 and earlier of its Acrobat and Acrobat Reader. This patch affects Windows XP SP2 with IE7 and Adobe Reader 7 through 8.1 and addresses the flaws cited in CVE-2007-5020. If exploited, a criminal hacker could launch malicious code on an affected system.
Security researcher Petko D. Petkov first blogged about the vulnerablity in September and predicted that shortly after the patch's release there would be a flood of proof-of-concept exploits on the Internet. He was right. Because of the extremely high risk, Adobe is encouraging everyone to install the patch and update to Acrobat and Acrobat Reader version 8.1.1.
One of the exploits has been traced to the Russian Business Network (RBN). According to iSight Partners, the exploit installs two rootkit files from the UrSnif family. "Servers (81.95.146.1xx and 81.95.147.1xx) used in the attack have a history of malicious abuse including VML UrSnif attacks, animated cursor exploitation (ANI), and CoolWebSearch installations," says Ken Dunham of iSight Partners.
Dunham adds that the RBN attack arrives through e-mails with the subject of "STATEMET indigene" and attachments "YOUR_BILL.PDF" and "INVOICE.PDF".
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments. 
