Malware FAQ: Zeus Exploiting PDF Flaw to Infect PCs
Author: Stephen Northcutt
Date: April 15, 2010
Exploit details
Zeus is showing its adaptability by spreading through an unpatched PDF vulnerability. The new variant of Zeus, the malware that turns infected computers into botnet slaves, uses malicious attack code embedded in a PDF document; when users open the document, they are prompted to save a file called Royal_Mail_Delivery_Notice-dot-pdf
that is really a malicious Windows executable. Technically, the flaw is not a vulnerability but "a by-design function of Adobe's specification." Just last week, researchers cautioned that attackers were likely to start exploiting this PDF bug. Adobe has posted information to help users mitigate the risk of having their computers infected through this vector.