Content

Beware of PDF rootkit-laden spam

It looks like PDF spam pushing pump-and-dump stocks and pharmaceuticals has died down, but the popular file format has a new use - to carry malware.

Researchers began reporting late Tuesday that Russian Business Network-hosted spam is making the rounds, and it's carrying an exploit for the Adobe Acrobat and Reader 8.1 vulnerability that was patched Monday.

That means, much like we've seen in the past, the hostile files began appearing just one day after the flaw was fixed.

The exploit installs two rootkit files from the UrSnif family that are after victims' financial data, iSight Partners' Ken Dunham said in an email.

Users can get infected either by clicking on a malicious email PDF or by visiting a website hosting the harmful PDF.

Considering how widespread PDF files are, it's wise to get this one fixed as soon as possible.

Researchers predict we're going to start seeing more of these PDF attacks, so if that trend continues, Washington Post's Brian Krebs might be on to something with a recommendation he made this week for end-users.

You can opt for the free Foxit Reader 2.2 for Windows, instead of Adobe - much like you might use Mozilla Firefox instead of IE.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.