We are seeing users get infected with Trojan.Zonebac, which can only mean successful exploitation by one of the current Adobe PDF vulnerabilities (we know of at least one vulnerability that is apparently being used in malicious banner advertisements). It’s likely not epidemic, but there has been an uptick.
Unlike earlier reports, this issue is now known to affect practically the entire population of Adobe users who aren’t running version 8.1.2. The following list from our friends at Symantec’s Deepsight is elucidating:
Vulnerable Systems
Adobe Acrobat 3D
Adobe Acrobat Professional 7.0.0
Adobe Acrobat Professional 7.0.1
Adobe Acrobat Professional 7.0.2
Adobe Acrobat Professional 7.0.3
Adobe Acrobat Professional 7.0.4
Adobe Acrobat Professional 7.0.5
Adobe Acrobat Professional 7.0.6
Adobe Acrobat Professional 7.0.7
Adobe Acrobat Professional 7.0.8
Adobe Acrobat Professional 8.0
Adobe Acrobat Professional 8.1
Adobe Acrobat Professional 8.1.1
Adobe Acrobat Reader 3.0.0
Adobe Acrobat Reader 4.0.0
Adobe Acrobat Reader 4.0.0 5
Adobe Acrobat Reader 4.0.0 5c
Adobe Acrobat Reader 4.0.5 A
Adobe Acrobat Reader 5.0.0
Adobe Acrobat Reader 5.0.10
Adobe Acrobat Reader 5.0.5
Adobe Acrobat Reader 5.1.0
Adobe Acrobat Reader 6.0.0
Adobe Acrobat Reader 6.0.1
Adobe Acrobat Reader 6.0.2
Adobe Acrobat Reader 6.0.3
Adobe Acrobat Reader 6.0.4
Adobe Acrobat Reader 7.0.0
Adobe Acrobat Reader 7.0.1
Adobe Acrobat Reader 7.0.2
Adobe Acrobat Reader 7.0.3
Adobe Acrobat Reader 7.0.4
Adobe Acrobat Reader 7.0.5
Adobe Acrobat Reader 7.0.6
Adobe Acrobat Reader 7.0.7
Adobe Acrobat Reader 7.0.8
Adobe Acrobat Reader 7.0.9
Adobe Acrobat Reader 8.0
Adobe Acrobat Reader 8.1
Adobe Acrobat Reader 8.1.1
Adobe Acrobat Standard 8.1.1
Non-Vulnerable Systems
Adobe Acrobat Professional 8.1.2
Adobe Acrobat Reader 8.1.2
Adobe Acrobat Standard 8.1.2
The one exploit we believe to be used in banner ads is very nasty one, which provides a wide open path to install the trojan on a user’s PC. Plenty of people have already reported on this thing, so I won’t bother to rehash what’s already out there.
But my advise is to update Adobe URGENTLY. Or get the FoxIt reader. This is a serious issue.
Alex Eckelberry