Malware hidden in PDF attachment.

According to F-Secure, the security firm, an unknown party has been sending tens of thousands of emails containing malicious PDF files to peoples inboxes since Friday.

The emails, which contain the malicious PDF files have the subject line relating to financial information such as "Your credit report" , "Your Credit File" , "Personal Financial Statement" and "Balance Report". They contain an attachment called "report.pdf", which when opened exploits the CVE-2007-5020 vulnerability in Acrobat Reader and IE7 to download further malware.

The company says the attacks are dedicated to hijacking the machine with the goal of spreading further malware.

"We're worried about this case, as PDF attachments are typically not filtered at email gateways", says F-Secure's Chief Research Officer Mikko Hypponen. "Executable files are now stripped almost everywhere, but PDF is stripped almost nowhere".

"Also, a security update for Acrobat Reader was just made available few days ago, so there are tons of users who haven't had a chance to update yet."

---