Microsoft says yes but Adobe patches the flaw

Nov 8, 2007 08:45 GMT

The story so far: a few days ago, a new PDF spam attack began, with numerous consumers receiving dangerous emails containing malicious PDF files that attempted to infect the victims' computers. The messages attempted to exploit a vulnerability in Adobe Acrobat, one of the most popular applications for the Portable Document Format. According to the reports, Adobe's technology was not able to handle the mailto tags included in PDF files, which could enable an attacker to gain access to the affected system. The software glitch was confirmed in Adobe Acrobat and Adobe Acrobat Reader installed on Windows XP with Internet Explorer.

In case you didn't read the news, Adobe has already fixed the flaw, but the interesting aspect of the glitch was reported by Security Focus today. In a blog post published on the Microsoft Security Response Center blog, the Redmond-based company confirmed the problems with the PDF file format but added that the exploitation can be enhanced by a Windows vulnerability.

"Because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability - they just close an attack vector," Bill Sisk of the Microsoft Security Response Center wrote on the blog. "As part of our SSIRP process we currently have teams worldwide who are working around the clock to develop an update of appropriate quality for broad distribution. Because ShellExecute is a core part of Windows, our development and testing teams are taking extra care to minimize application compatibility issues."

PDF spam has always been a problem for many Internet users, but it seems to be more powerful now that it attempts to take advantage of some Windows vulnerabilities. How can we protect ourselves? Avoid opening untrusted emails and downloading unknown PDF attachments included in the messages.

"To help protect yourself during the interim we continue to recommend that you should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources and/or visiting untrusted websites. This is absolutely one of the most effective ways to help protect yourself from a variety of threats on the Internet today," the Microsoft official advised consumers.