PDF Malware Hits Acrobat Reader Flaw

PC Tools is reporting an increase in PDF-based malware, some of which can evade antivirus software.

According to a PC Tools blog posting, the security vendor's user community is seeing a slew of rigged PDF files attacking various buffer overflow vulnerabilities in the Adobe Acrobat Reader software. The PDF malware attacks target the newest publicly known Adobe Acrobat Reader vulnerability. Adobe issued a patch last week.

On some occasions users are duped into downloading malicious files that appear to be Microsoft software updates. More often, users appear to be downloading silent malicious installers.

Worryingly, two of the downloaded, packed files behave in a way that evades antivirus file scanning.

The PC Tools blog posting says: "A chunk of the standard download and execute shellcode that we are currently seeing pulls a file from hxxp://ascoprguide. net/lel / load.php?xpl=pdf, renames it as c:\\U.exe, and runs it on the victim's system. This "U.exe" then runs and installs other adware and spyware related components."