A newly discovered zero-day vulnerability within Adobe's Acrobat Reader is being actively targeted by attackers,...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
warns researchers at Symantec Corp.
Hackers have been spreading malicious PDF files containing the Pidief Trojan. If a person opens the file, the Trojan attempts to exploit an unpatched processing error in Adobe Acrobat Reader 8 and 9, which results in a buffer overflow.
"Malicious PDFs using this exploit will be detected as Trojan.Pidief.E," Symantec said in a statement.
Kevin Haley, director of security response at Symantec said researchers there were given a sample of the threat Feb. 12. The first signs of it appearing in the wild were discovered in Japan. So far the Trojan seems to be spreading slowly, targeting company managers and senior level executives, Haley said.
"Our speculation is that since there's so few of these, they're targeted at high level people or specific government agencies," he said. "We haven't seen a carpet bomb of anybody in certain company or agency. It's been tightly controlled."
Exploit code is circulating in the wild in the U.S., China, Japan, Taiwan and the U.K.
Adobe acknowledged the zero-day in an advisory to customers calling it critical. It confirmed the flaw in Adobe Reader 9 and Acrobat 9 as well as Adobe Reader and Acrobat 8.1.3 and earlier versions.
"This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system," Adobe said in its advisory.
Adobe said it is in the process of fixing the processing error and will release the first fixes by March 11.
Danish vulnerability clearinghouse Secunia gave the zero-day an extremely critical rating. In its advisory, Secunia said the flaw could be exploited to access critical system files.
"You have the choice of small loss in functionality and a crash versus your systems being compromised and all your data being stolen," Adair wrote in a Shadowserver post. "It should be an easy choice."
Editor's note: This story was updated to include comment from Symantec's Kevin Haley.