Malicious PDF Files on the Loose

Reuters reports that emails containing malicious PDF files have been putting computers at risk since Friday. The danger is more pronounced because PDF attachments are usually not filtered at email gateways.

According to Finnish security software firm F-Secure, the emails look like credit card statements, with a subject line that says 'Your credit report', 'Personal Financial Statement', 'Balance Report' etc. The infected file has an attachment called report.pdf.

A security bulletin issued by Adobe specifies that the issue only affects customers on Windows XP or Windows 2003 with Internet Explorer 7 installed. A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities.

Adobe claims to have patched the vulnerability in its latest updates to Reader and Acrobat; both tagged as Version 8.1.1. Users can utilize the product's automatic update facility, or get the latest versions from the downloads section.

Microsoft has been slower off the blocks, but the company says it's looking at addressing the vulnerability.