Exploits expected to grow for Adobe Reader zero-day bug

Adobe is looking into what researchers term a "very bad" zero-day vulnerability in its popular Reader and Acrobat software.

The flaw is being actively exploited through the spread of malicious PDF files, according to Symantec. The executable arrives disguised as an email attachment. If a user who has any version of Reader or Acrobat installed opens the attachment, the exploit fires even on a fully patched PC.

Ben Greenbaum, senior research manager at Symantec Security Response, told SCMagazineUS.com on Tuesday that malware will be installed on the victim's computer and a secondary download also is likely to occur, which will install a trojan that attempts to steal financial data by hijacking keystrokes. Affected machines also likely will become part of a botnet.

The exploit currently is being perpetrated in limited attacks in which specific individuals are being targeted through slick social engineering schemes, Greenbaum said. Such a scenario almost certainly will become more widespread over the coming days.

"Depending on how long Adobe takes to get a patch out, this is something that is very likely to be added to the attacker's toolkit," Greenbaum said. "This is going to be a commodity, I would guess, in short order."

David Lenoe, a security program manager at Adobe, said Monday in a blog post that the vulnerability affects Reader and Acrobat 9.2 and earlier versions.

"We are currently investigating this issue and assessing the risk to our customers," he said.

The Shadowserver Foundation, an all-volunteer internet security watchdog, said the exploit has been leveraged since at least Friday, and anti-virus providers are providing "little to no detection" of the malicious PDFs being used.

"We did not discover this vulnerability but have received multiple reports of this issue and have examined multiple different copies of malicious PDFs that exploit this issue," Shadowserver members Steven Adair and Matt Richard wrote in a blog post Monday. "This is legit and is very bad."

The pair recommends organizations consider disabling JavaScript in Reader.
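As an added defensive illustration, not code from the article or from Symantec, Shadowserver or Adobe: a small Python triage script that flags PDFs carrying JavaScript, the capability the Shadowserver recommendation above turns off, and which helps close the detection gap the article describes. It counts the PDF name tokens /JavaScript, /JS, /OpenAction and /AA after normalising the #xx hex escapes that the PDF name syntax permits, so a name written as /J#61vaScript is still recognised. The sample documents embedded below are constructed for this example and are not samples from the attack.

```python
import re
from typing import Dict

# A PDF name token: "/" followed by regular characters up to the next
# whitespace or delimiter (ISO 32000-1, section 7.3.5). "#" is a regular
# character, so "#xx" hex escapes stay inside the captured group.
_NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]*)")
_HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME_END = rb"(?![^\s/\[\]<>(){}%])"  # the matched name must end here

# Name tokens worth counting when triaging a PDF.
INDICATORS = {
    b"/JavaScript": "JavaScript action (/S /JavaScript)",
    b"/JS": "JavaScript code, as an inline string or a stream",
    b"/OpenAction": "action executed when the document is opened",
    b"/AA": "additional actions fired automatically (page open, etc.)",
}


def normalise_names(data: bytes) -> bytes:
    """Rewrite every #xx escape inside a PDF name to its literal byte,
    so /J#61vaScript becomes /JavaScript before we look for it."""
    def _unescape(match):
        raw = match.group(1)
        decoded = _HEX_ESCAPE_RE.sub(lambda h: bytes([int(h.group(1), 16)]), raw)
        return b"/" + decoded
    return _NAME_RE.sub(_unescape, data)


def scan_pdf(data: bytes) -> Dict[str, int]:
    """Return {indicator: count} for every indicator token present."""
    norm = normalise_names(data)
    hits: Dict[str, int] = {}
    for token in INDICATORS:
        # Require the name to end after the token: /JS must not match /JSX.
        count = len(re.findall(re.escape(token) + _NAME_END, norm))
        if count:
            hits[token.decode("ascii")] = count
    return hits


def verdict(data: bytes) -> str:
    """Coarse triage result for a PDF byte string."""
    if not data.lstrip().startswith(b"%PDF"):
        return "not-a-pdf"
    hits = scan_pdf(data)
    has_js = "/JavaScript" in hits or "/JS" in hits
    auto_trigger = "/OpenAction" in hits or "/AA" in hits
    if has_js and auto_trigger:
        return "javascript-autorun"  # script runs with no user interaction
    if has_js:
        return "javascript"          # script present, needs a click or event
    return "clean"


# Constructed sample documents (minimal skeletons, not real attack files).
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

# JavaScript reachable only through a link annotation: needs a click.
JS_ON_CLICK_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /JavaScript /JS (app.alert(1)) >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

# JavaScript wired to /OpenAction: fires as soon as the file is opened.
JS_AUTORUN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Type /Action /S /JavaScript /JS (app.alert(1)) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

# The same document with hex-escaped names, which defeats a naive
# substring search for "/JavaScript" but not the normalising scanner.
JS_OBFUSCATED_PDF = (
    JS_AUTORUN_PDF.replace(b"/JavaScript", b"/J#61vaScript")
    .replace(b"/JS ", b"/J#53 ")
    .replace(b"/OpenAction", b"/Open#41ction")
)

if __name__ == "__main__":
    samples = [("benign", BENIGN_PDF), ("js-on-click", JS_ON_CLICK_PDF),
               ("js-autorun", JS_AUTORUN_PDF), ("js-obfuscated", JS_OBFUSCATED_PDF)]
    for label, doc in samples:
        print(f"{label:14s} {verdict(doc):20s} {scan_pdf(doc)}")
```

This is a heuristic, not a signature for the exploit in the article: it answers the question "does this file contain script at all, and can that script run without a click?", which is exactly the risk that disabling JavaScript in Reader removes. Real-world samples usually pack the action dictionaries into FlateDecode-compressed object streams, so a production scanner must inflate streams before matching; Didier Stevens' pdfid.py and pdf-parser.py are the usual tools for that step.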

Meanwhile, the SANS Internet Storm Center on Tuesday posted details on one of the exploit samples it received.

Despite efforts to harden its code in light of a number of high-profile zero-days, Adobe's PDF format has become one of the most targeted file types. Greenbaum said this jibes with the threat landscape's overall shift toward client-side exploits.
