McAfee Avert Labs today observed e-mail messages with malicious PDF attachments exploiting the critical Adobe Acrobat Mailto Unspecified PDF File Security Vulnerability (CVE-2007-5020) being spammed in the wild. Successful exploitation leads to a batch file being executed on the victim’s machine that disables the built-in windows firewall and then downloads a password stealer from an ip address located on the RBN network.

Malware authors will find this technique of sending exploit-laden PDF files extremely profitable especially in targeted attacks since the Portable Document Format is the de-facto standard for exchanging electronic documents. PDF files have traditionally been unfiltered at the email gateway and until recently were considered risk free in stark contrast to the notorious history associated with Microsoft Office documents. Computer Security Research - McAfee Avert Labs Blog

Technorati Tags: ,