Switched has a new home! Huffpost Tech.

Click here to visit the new home of Switched!

Hot on HuffPost Tech:

See More Stories
AOL Tech

Zeus Botnet Exploits Newfound Vulnerability in PDF 'Feature'

by Terrence O'Brien on April 19, 2010 at 01:40 PM

Zeus Botnet Rushes to Exploit PDF
Just over a week ago, researchers demonstrated the PDF vulnerability that turns a so-called "feature" into a back door, through which criminal minds could infect a user's PC. Now, hackers have released an attack that takes advantage of said "feature."

The widespread Zeus botnet has been updated and packaged in PDF form, and is now landing in e-mail inboxes around the world. Security firm M86 discovered the e-mails in question, which claim to be from the Royal Mail and come with the Zeus botnet executable, packaged in a PDF file. The current implementation is admittedly clumsy, and requires users to click through and to accept two dialog boxes before the code can execute itself and then infect a PC.

Users can protect themselves by simply disabling Javascript or the launch feature within Adobe Reader. Other lightweight readers like Sumatra, which lack these more advanced features, are immune to the attack. Since most users will never use the launch feature that is being exploited, we highly recommend that readers simply drop Adobe Reader (which has a well earned reputation for being a bit of a resource hog), and instead pick up the simpler Sumatra or even Foxit, which has been patched to protect against the flaw. [From: ZDNET]

Tags: adobe, adobereader, botnet, m86, pdf, security, top, zeus

HuffPost AOL Social News Most Popular