Pdf malware is being actively distributed. Our user community is seeing a slew of rigged pdf files attacking various buffer overflow vulnerabilities in the Adobe Acrobat Reader software, including the newest publicly known. Sometimes, the user is duped into downloading malicious files appearing to be Microsoft software updates. More often, they appear to be downloading silent malicious installers.
For example, a chunk of the standard download and execute shellcode that we are currently seeing pulls a file from hxxp://ascoprguide. net/lel / load.php?xpl=pdf, renames it as c:\U.exe, and runs it on the victim’s system. This “U.exe” then runs and installs other adware and spyware related components.
Other downloads are installing various Rogueware packages, like the ones we presented at Virus Bulletin 2008.