Symantec today warned about a new, zero-day vulnerability in Adobe Reader that attackers are going after with poisoned .pdf e-mail attachments.
The assaults target a zero-day flaw in Adobe’s program, which means there isn’t yet any patch available. According to Symantec the attacks currently focus on “high-ranking people within different organizations,” and though the company isn’t directly confirming the method, the announcement appears to describe an attack that uses a .pdf e-mail attachment. Symantec did say ” the simplest way to spread this threat is to send it as an e-mail attachment.”
I expect that as a targeted attack using a zero-day, the e-mails in question would be convincing and well-crafted. If the attack is successful, it will install a Trojan onto the victim machine. The malware is capable of giving remote-control access to the attackers, Symantec says, and the end goal may be the theft of corporate documents.
Symantec says it is in contact with Adobe, so lets hope we see a patch soon. Until then, be on the lookout for e-mails with .pdf attachments. The company suggests disabling Javascript in Adobe Reader to help mitigate the threat, and I’d also suggest uploading all .pdf attachments to Virustotal.com for scanning. A clean bill of health from Virustotal doesn’t guarantee a file is safe, particularly when the crooks may be using brand-new, small-scale malware, but if you get multiple warnings from the various scanner then you should verify the file is real (by contacting the sender, for instance) before opening it.
I’d guess this current attack is purposely small scale so that the e-mailed attacks have a better chance of evading antivirus protection, but it may be more widespread. And it’s especially dangerous if you do happen to get targeted, so keep an eye out. And I’ll update this post if Symantec provides any examples of attack e-mails.