Author: Stephen Northcutt

Date: April 15, 2010

Exploit details

Zeus is showing its adaptability by spreading through an unpatched PDF vulnerability. The new variant of Zeus, the malware that turns infected computers into botnet slaves, uses malicious attack code embedded in a PDF document; when users open the document, they are prompted to save a file called Royal_Mail_Delivery_Notice-dot-pdf that is really a malicious Windows executable. Technically, the flaw is not a vulnerability but "a by-design function of Adobe's specification." Just last week, researchers cautioned that attackers were likely to start exploiting this PDF bug. Adobe has posted information to help users mitigate the risk of having their computers infected through this vector.

Related Links

• http://www.computerworld.com/s/article/9175612/Zeus_botnet_exploits_unpatched_PDF_flaw
• http://www.computerworld.com/s/article/9175159/Researcher_warns_of_impending_PDF_attack_wave?taxonomyId=82
• http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html