Our good friends over at iDefense sent us a heads-up on some nastiness occurring with unpatched Adobe Acrobat 7 and 8 versions.
According to their advisory (attached here, PDF):
Since Jan. 20, 2008, banner ads have actively served malicious PDF files that exploit the vulnerability and install the Zonebac Trojan horse. Once installed, the Trojan kills various antivirus products and modifies search results and banner ads. A similar attack occurred in October 2007 when the same group used a Realplayer zero-day exploit to install the Zonebac Trojan.
No anti-virus vendors currently detect the malicious PDF files. This type of exploit can be used in Web browser and email attack vectors. This vulnerability affects Adobe Acrobat Reader v7.x and versions prior to 8.1.2. Complete mitigation requires upgrading to Adobe Acrobat 8.1.2.
Adobe security advisory link here.
We’ve analyzed the binaries of this attack and it’s real. Updating Acrobat is easy: Just go to Help/Check for Updates. Do it as quickly as possible.
Alex Eckelberry