IBM's Internet Security Systems division is warning customers about a wave of spam messages in the wild containing malicious PDF files trying to exploit the recently patched JBIG2 flaw.
In a blog posting, members of the ISS X-Force research team said the malicious code may have been integrated into toolkits in recent days. Messages sent by spam bots have been detected. The messages appear to be originating from Taiwan, IBM said.
IBM warned that the malicious files could be opened simply by opening a spam email since PDFs are sometimes auto-loaded by certain applications.
Adobe issued a critical update last week, plugging the JBIG2 flaw. Attackers had been attempting to exploit the processing error in Adobe Acrobat Reader 8 and 9, which results in a buffer overflow.
Adobe Reader 9.1 and Acrobat 9.1 update corrects the JBIG2 stream array indexing error. The image compression format is used to convert binary images.
Adobe said it should have a patch release today for Adobe Reader 7 and 8, and Acrobat 7 and 8. An update to Adobe Reader 9.1 for Unix will be released by March 25.