Attackers Exploiting Unpatched Flaw In Adobe Reader, Acrobat

Hackers are exploiting an unpatched security hole in current versions of Adobe Reader and Acrobat to install malicious software when users open a booby-trapped PDF file, security experts warn.

http://voices.washingtonpost.com/securityfix/2009/02/attackers_exploiting_unpatched.html

Hi FwF,

Because of all these reappearing flaws/holes/vulnerabilities, and also because of the question with Web Bugs on the hard disk, I have: http://www.foxitsoftware.com/pdf/rd_intro.php
Actually never looked back,

polonus

P.S. Another reason to switch, it won’t be patched earlier than March this year:
http://www.adobe.com/support/security/advisories/apsa09-01.html

Newbie question - Does AVAST have a signature for this? I know it is a vulnerability, just not sure if AVAST or how AVAST can help.

That’s March, polonus, not May. From the Adobe link you posted:

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources.

Since the exploit uses JavaScript in the pdf file, I’ve disabled JavaScript in Adobe Reader per the instructions in the security article Frank linked. Also, Firefox with NoScript will prevent the automatic opening of pdf files served by an untrusted site.

@SWH: If a malicious pdf manages to install malware on your PC that Avast has in its database, then Avast On-Access protection should stop the malware’s execution. But never count on it! Don’t open unexpected emailed files or files from untrusted sources. And make sure your OS is up to date.

@polonus: I’m not confident that Foxit Reader couldn’t have vulnerabilities that only the bad guys know about. I’ll stick with the devil I know. :wink:

Edit: What web bug issue? :o

Hi Alan Baxter,

I have corrected that particular “slip of the keyboard”, thanks for your attentiveness. No, but I think it is just the application everybody uses that will get infected, because the malcreants use these exploits by choice. Why go for a reader that only a small percentage of users use, it is not worth the trouble. That is why I always feel a bit better on Flock with NoScript than on Firefox with NoScript, but in a certain way we were educated here through these forums to think in these terms.
Malcreants also check their malware against the major av vendors to evade detection, so the second league of av-products will have a better detection percentage. Also the major av engines are blocked by malware preferably, the second league is less prone to that (another reason to use avast, my friend!),

polonus

P.S. with webbugs here I mean the Super Bugs: add on against these is BetterPrivacy…

Yes, you’re right. The biggest vendors are more attractive targets of malware. I installed the Firefox BetterPrivacy extension on the recommendation of Giorgio Maone and someone else on the NoScript forum. You, I think. :slight_smile:

Hi Alan Baxter,

That was my alter alias luntrus, he posts in MozillaZine forum threads,

polonus aka luntrus aka Damian

P.S. Technical description of the exploit:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2007-102310-3513-99&tabid=2


I got rid of Adobe Reader last month. It has always been slow and a bit archaic. I now use Cool PDF Reader and it works like a charm. It is very fast, low on resource usage, and free.

View and Print PDF
Convert PDF to BMP, JPG, GIF, PNG, WMF, EMF, EPS
Extract PDF to TXT
Support PDF files of all versions
Work with 68+ different languages
Zoom in/out and Rotate page displays
Slide show PDF document with full screen
Small in size, only 626KB

http://www.pdf2exe.com/reader.html

Release Note: Standard Installer and All-in-One Install require Power Users or Administrator privilege. Standalone Package works with even Guest privilege.

Designed for Microsoft Windows Vista, Windows XP, Windows 2000, and Windows Server 2009, 2003.


Thanks for that, Charley O. Downloaded it and will give it a try. You get some good tips here. Do you know who will win the 3.30 at Doncaster? Last bit just my Brit humour. ;D

Most likely a horse. Almost 100% cert. :wink:

Hi codhead and FwF,

Well, couldn’t it be a plane? Because the aviation museum is near… Doncaster that is…

polonus


Cool plane. I like the old prop ones. It looks like an American 1940s Flying Fortress but I could be wrong. Can you get it to bomb the malware off the net? ;D


You are welcome, cod head. Hope you like it as well as I do. :slight_smile:


Sorry to be a dissonant voice but tonight I (Revo Uninstaller) uninstalled Adobe Reader 9 and installed the recommended Cool PDF Reader.

The first PDF file I looked at (Amtrak train timetables here in Northern California) was so thoroughly ghastly and just about unreadable in the Cool PDF Reader rendering that I immediately took my system back to the moment before my Adobe 9 un-install.

Now the Amtrak Train timetable looks like the offering of a professional site again rather than the spaced out 16 color rendering by Cool PDF Reader.

Cool PDF Reader is not for me.

I have just printed off something with Cool PDF Reader and it looks fine to me. Everyone is entitled to their opinion though. Just my two cents. ;)


Yep … everyone has their own opinion and what works for some, does not work for others. :slight_smile:


I’ve tested other pdf readers and like Alanrf I always come back to the original Adobe one…

I have used FoxIt reader, have done for some considerable time now, and I don’t have any problems with it, display or printing, never went back to acrobat reader.

The one thing I don’t do is open pdf files directly on-line, I always download them and read off-line.

Hi FwF and others,

Adobe still very, very vulnerable, but Foxit Reader fully patched: http://www.foxitsoftware.com/pdf/reader/security.htm
Download: http://www.foxitsoftware.com/products/

polonus

I appreciate the details provided by Foxit at the link you provided, polonus. http://www.foxitsoftware.com/pdf/reader/security.htm
Apparently Foxit has known about these vulnerabilities since Feb 18. The Secunia Advisory lists these vulnerabilities as “Highly critical”. http://secunia.com/advisories/34036/
I haven’t heard of any exploits though. Apparently Foxit got the update out before the bad guys discovered it. But now that the cat’s out of the bag, anybody that doesn’t know about the security update is especially vulnerable.