F-Secure has been monitoring a large mailing of malicious PDF
files.
These PDF files exploit a recent vulnerability. When such a PDF
file is viewed on a vulnerable machine, the machine gets infected.
An unknown party has been sending out tens of thousands of mails
with subject lines like:
Your credit report
Personal Financial Statement
Your Credit File
Balance Report
The mails contain no mail body, only an attachment called
"report.pdf". When opened, the PDF file exploits the CVE-2007-5020
vulnerability via Acrobat Reader and IE7 and downloads further
malware from a server in Malaysia. The goal of the malware seems
to be to create a botnet of infected machines to be used for
further malicious activity.
"We're worried about this case, as PDF attachments are typically
not filtered at email gateways", says F-Secure's Chief Research
Officer Mikko Hypponen. "Executable files are now stripped almost
everywhere, but PDF is stripped almost nowhere".
"Also, a security update for Acrobat Reader was just made
available a few days ago, so there are tons of users who haven't had
a chance to update yet".
F-Secure Anti-Virus detects the report.pdf malware as
Exploit:W32/AdobeReader.K.
Further information is available via the F-Secure blog at
http://www.f-secure.com/weblog/
About F-Secure Corporation
F-Secure Corporation protects consumers and businesses against
computer viruses and other threats from the Internet and mobile
networks. F-Secure’s award-winning solutions are available as a
service subscription through more than 150 Internet service
provider and mobile operator partners around the world, making
F-Secure the global leader in this market. The solutions are also
available as licensed products through thousands of resellers
globally. F-Secure has received the Frost & Sullivan 2007 award
for Distribution Strategy Leadership. The company aspires to be the
most reliable security provider, helping make computer and
smartphone users’ networked lives safe and easy. This is
substantiated by the company’s independently proven ability to
respond faster to new threats than its main competitors. Founded in
1988, and headquartered in Finland, F-Secure has been listed on the
Helsinki Exchanges since 1999. The company has consistently been
one of the fastest growing publicly listed companies in the
industry. The latest news on real-time virus threat scenarios is
available at the F-Secure Data Security Lab weblog at
http://www.f-secure.com/weblog/
For more information, please contact:
F-Secure Corporation
Mikko Hypponen, Chief Research Officer
Tel. +358 400 648 180
Email:
firstname.lastname@f-secure.com