Hackers distribute malicious code to attack Reader, Acrobat

Security firm Symantec said that just a few hours after Adobe released a security patch for PDF Reader and Acrobat, the bug was released to the Internet.

'Malicious code is sent in the form of junk email targeting users who have not installed the latest Adobe patch,' Symantec said. Often the attached files containing the exploit code are called ' YOUR_BILL.pdf ' or ' INVOICE.pdf '. If a user accidentally opens files on their PC, they will immediately be infected with a Trojan named ' Pidief.a '. The main function of this Trojan is to disable the Windows firewall and download more malicious code directly from hackers' servers .

'As far as we are concerned, the malicious server still exists on the Internet. The connection between malicious code and server is done via FPT protocol. This is a very well-known server for storing many different types of malicious code, ' Symantec said.

Adobe's patch released on October 22 aimed to address the 'mailto:' handling of PDF Reader and Acrobat. This error can be exploited by hackers to remotely control malicious code on the PC. The root of this error is the URI error in Internet Explorer 7 and Windows XP.

Users are advised to quickly upgrade to Adobe Reader version 8.1.1 and Acrobat 8.1.1.

Hoang Dung