10 Dec 2011
Malware writers are continuing to exploit a high-profile zero-day flaw in Adobe Acrobat and Reader, using a spam attack to spread the remote code execution vulnerability in the wild.
The attack arrives as an unsolicited financial report claiming to be from Barclay's Capital, according to security firm Sophos.
The attached PDF file launches the Reader and Acrobat attack, and specially crafted code within the file targets the vulnerability and attempts to download malware-serving Trojans.
"We have started seeing a small number of targeted samples in Sophos Labs of attackers trying to use this vulnerability in email attachments. The emails are well crafted and look very believable," Sophos senior security advisor Chester Wisniewski said in a blog post.
Adobe has been working to address the flaw with an out-of-cycle security fix scheduled to arrive some time in the coming week.
Microsoft is also scheduled to release its monthly security update in the coming days. The 13 December update is slated to deliver 14 bulletins covering 20 security flaws in Windows, Office and Internet Explorer.
Latest stories from Security
Related videos
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
A Multi-national data analytic's and cloud computing...
A multi-national software solutions organisation are...
A multi-national software solution provider are looking...
Service Delivery Manager, Customer Service, PCT, Primary...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?