Security researchers at Trend Micro Inc. have discovered another malware variant attempting to exploit a PDF zero-day vulnerability identified last month in Adobe Reader.
The malware, being delivered in malicious PDF email attachments, targets
"Once connected, a malicious user may execute any command on the affected system," De La Torre said.
Researchers discovered the Adobe zero-day vulnerability in Reader and Acrobat Dec. 15, but the software maker has held back on pushing out a patch to users until its regularly scheduled patch update, due out Jan. 12.
"We estimated that delivering an out-of-cycle update would require somewhere between two and three weeks," Brad Arkin, Adobe's director of product security and privacy wrote in a blog entry. "Unfortunately, this option would also negatively impact the timing of the next quarterly security update for Adobe Reader and Acrobat scheduled for Jan. 12, 2010."
Few details are known about the flaw, but Adobe issued an advisory last month calling the vulnerability critical, and warning that it was being actively exploited in the wild.
In addition, Adobe said Microsoft's Data Execution Prevention functionality can be enabled to help minimize the risk to end users. The feature prevents malicious code from activating in non-executable memory.
"With the DEP mitigation in place, the impact of this exploit has been reduced to a denial-of-service during our testing," Adobe said.
Adobe has come under increasing pressure in 2009 to focus on its secure software development lifecycle and find better ways topush out patches. The popular Reader and Acrobat software is estimated to be used by millions of people, but a study last summer found that users were slow in installing the latest security updates. Adobe's Arkin says the company's software engineering team has made significant improvements, including implementing a quarterly patch cycle and better communication with users. A new update utility is also being tested that could speed up the process.
Other security researchers have warned that the PDF attacks targeting the zero-day vulnerability appear to be using increasingly sophisticated code. Bojan Zdrnja, senior information security consultant at Croatia-based security firm Infigo IS, analyzed a malicious PDF malware variant that uses egg-hunting shellcode. Once open on a victim's computer, it seeks out malicious code embedded within objects in the PDF file.
"This one had everything embedded so it was as stealthy as possible; no connections are made to the Web at all," Zdrnja said in a recent interview.