Adobe Security Breach Leads to Nasty Spam Attack

Filed in archive Spam News on October 25, 2007

A serious security hole has been found in Adobe's Reader and Acrobat programs. The hole allows an attacker to execute a code within either program that allows them to take over the users computer. Adobe patched the breach yesterday-you can find the patches here-but it may be too late. Symantec has reported a new wave of PDF spam designed to take advantage of those holes. The spams arrive with subject lines like "Invoice" and blank bodies. A PDF file is attached. When an unwitting user opens it, a Trojan, called Trojan.Pidief.A, is installed on their computer along with a flood of malware. While it seems this particular attack is aimed at businesses, anyone who uses Acrobat or Reader should download and install the patches. It's believed some of the spam is coming from the Russian Business Network, a nefarious organization that offers hosting and protection to child pornographers and identity thieves, among others.