Reporting on this positive move by Adobe, Paul Baccas, a security researcher with Sophos, says that his colleagues in SophosLabs are currently seeing reports of a low-level attack, spamming out malicious PDF attachments.
Sophos products, he adds, detect the attack as Mal/PDFEx-J.
"The dangerous attached files use filenames of the form DD-MM-YYYY-NN.pdf (in other words, a date with a two digit number attached)", he said, adding that looking at the malware with different versions of Adobe Reader produced some interesting results.
When opened by Adobe Reader 8, Baccas says that the PDF displayed nothing, but does attempt to download and run malicious code from a Colombian TLD.
However, he adds, when he opened the same file with Adobe Reader X no attack occurs and an error message is displayed.
"Other variants (also detected as Troj/PDFJs-QB) link download and run a fake anti-virus attack that Sophos intercepts as Mal/FakeAV-EA", he said, adding that the malicious code is stored within the producer tag.
"It appears that an update introduced in Adobe Reader X has broken a fundamental part of this threat. Well done Adobe."!
For this reason, Baccas says he urges users and system administrators responsible for protecting firms to consider updating to Adobe Reader X as soon as possible.