How this vulnerability is being used right now:
Currently, the people who are using this vulnerability are sending out PDF files to “victims” using social engineering tactics. E-mails will possibly be marked as “urgent” or “High Importance”. The English in the e-mails may not be perfect. It’s not clear if the vulnerability will scan your address book and use your contacts to further the infection. If you open the PDF file, it will trigger the vulnerability, which will cause Acrobat to crash. The PDF file may or may not download a “payload”, which could be a virus, Trojan, or other malware. The reports indicate that the vulnerability is used to install a keylogger and to data mine your computer. (Data mining is a fancy way of saying “look for anything they think is valuable, and send a copy of it back to them.”)
What to do about this:
Adobe also says that they will release a patch on or around January 12, 2010 to fix this.
What problems lie ahead:
On another note, this is a good time to bring up the issue of Digital Signatures and encrypting your e-mails. If you have a digital signature, use it. If you don’t have one, then get one. They’re not expensive. Let your recipients know that if they receive an attachment from you that doesn’t have this signature, they should delete the e-mail and request that you resend it with the signature.
Yes, this will create a little hassle for you and them. But I ask you this: is it better to be hassled by this, or to have your name associated with spreading a virus?
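The "no signature, no attachment" rule above can be checked mechanically. The sketch below is an added example, not part of the original post: the function names and sample messages are constructed for illustration, and it only inspects whether a message's MIME structure claims an S/MIME or OpenPGP signature. Validating the signature and the signer's certificate is still the mail client's job.

```python
from email import message_from_string

# MIME types that carry an S/MIME or OpenPGP signature part.
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature",
             "application/pgp-signature"}

def is_signed(msg):
    """True if the top-level MIME structure claims to be signed (not verified)."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return str(msg.get_param("protocol", "")).lower() in SIG_TYPES
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return str(msg.get_param("smime-type", "")).lower() == "signed-data"
    return False

def attachments(msg):
    """File names of attached parts, ignoring the signature part itself."""
    return [p.get_filename() for p in msg.walk()
            if p.get_filename() and p.get_content_type() not in SIG_TYPES]

def triage(raw):
    """Apply the rule: an attachment without a signature is not opened."""
    msg = message_from_string(raw)
    names = attachments(msg)
    if not names:
        return "no-attachment", names
    if is_signed(msg):
        return "signed-verify-before-opening", names
    return "unsigned-attachment-reject", names

# Constructed sample messages (placeholder bodies, not real PDFs or signatures).
PDF_PART = ('Content-Type: application/pdf\n'
            'Content-Disposition: attachment; filename="{name}"\n\n(placeholder)\n')
UNSIGNED = ('From: sender@example.com\nSubject: URGENT\nMIME-Version: 1.0\n'
            'Content-Type: multipart/mixed; boundary="b1"\n\n'
            '--b1\nContent-Type: text/plain\n\nPlease open the file.\n'
            '--b1\n' + PDF_PART.format(name="invoice.pdf") + '--b1--\n')
SIGNED = ('From: sender@example.com\nSubject: Report\nMIME-Version: 1.0\n'
          'Content-Type: multipart/signed; boundary="s1"; '
          'protocol="application/pkcs7-signature"\n\n'
          '--s1\nContent-Type: multipart/mixed; boundary="b2"\n\n'
          '--b2\nContent-Type: text/plain\n\nReport attached.\n'
          '--b2\n' + PDF_PART.format(name="report.pdf") + '--b2--\n'
          '--s1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
          'Content-Disposition: attachment; filename="smime.p7s"\n\n(placeholder)\n'
          '--s1--\n')

if __name__ == "__main__":
    for label, raw in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(label, triage(raw))
```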
Have a great day:)