On Monday, Adobe patched vulnerabilities in versions 8.1 and earlier of its Acrobat and Acrobat Reader. If exploited, an attacker could launch malicious code on an affected system.
This patch affects Windows XP SP2 with IE7 and Adobe Reader 7 through 8.1 and addresses the flaws cited in CVE-2007-5020.
Security researcher Petko D. Petkov first blogged about the vulnerablity in September and predicted that shortly after the patch's release there would be a flood of proof-of-concept exploits on the Internet. He was right.
One of the exploits has been traced to the Russian Business Network (RBN). According to iSight Partners, the exploit installs two rootkit files from the UrSnif family.
"Servers (81.95.146.1xx and 81.95.147.1xx) used in the attack have a history of malicious abuse including VML UrSnif attacks, animated cursor exploitation (ANI), and CoolWebSearch installations," said Ken Dunham of iSight Partners.
Dunham said the RBN attack arrives through e-mails with the subject of "STATEMET indigene" and attachments "YOUR_BILL.PDF" and "INVOICE.PDF".
Because of the extremely high risk, Adobe is encouraging everyone to install the patch and update to Acrobat and Acrobat Reader version 8.1.1.
