Update: Adobe Reader 0-day Vulnerability

Adobe's PSIRT recently acknowledged a flaw in Adobe Reader's handling of PDF documents that is being exploited in the wild. The flaw affects Adobe Reader on Windows, Mac OS X and Linux/Unix. Symantec identifies the attack as Trojan-Pidief.H.
The exploit includes an embedded executable: AdobeUpdate.exe - Size 9.356k (hash 069175846447506b3811632535395bc3). This executable downloads another file called ab.exe and saves it as winver32.exe in the C:\windows folder. You may also check your logs for the website hxxp://foruminspace.com, where this file is hosted. You can get additional information about this vulnerability here.

Stay tuned for more information about potential workarounds. Some have suggested turning off JavaScript in Adobe Reader, which we think is a best practice anyway, but we do not know whether this is helpful for this attack.

Update: It looks like Adobe will not be releasing an update to resolve this issue until Jan 12! Find their full advisory with the release date here: http://www.adobe.com/support/security/advisories/apsa09-07.html. It appears that turning off JavaScript is the recommended workaround, and enabling DEP in newer versions of Windows provides further protection.
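One way to run the log check suggested above, as an added example that is not part of the original post. It assumes a web proxy log whose lines contain full request URLs; the sample lines, URL paths and function names are constructed for illustration, and only the domain and the ab.exe file name come from the text.

```python
import re
from urllib.parse import urlsplit

IOC_DOMAIN = "foruminspace.com"  # hosting site named in the post (defanged there)
IOC_FILE = "ab.exe"              # second-stage file named in the post

# Matches live and defanged (hxxp://) URLs up to the next space or quote.
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s\"']+", re.IGNORECASE)

def refang(url):
    """Turn a defanged indicator (hxxp://, [.]) back into a parseable URL."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE).replace("[.]", ".")

def classify(line):
    """Return 'domain+file', 'domain' or None for one log line."""
    for raw in URL_RE.findall(line):
        try:
            parts = urlsplit(refang(raw))
        except ValueError:  # malformed URL in the log; skip it
            continue
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
        # Exact host or a subdomain only, so look-alike domains do not match.
        if host == IOC_DOMAIN or host.endswith("." + IOC_DOMAIN):
            name = parts.path.rsplit("/", 1)[-1].lower()
            return "domain+file" if name == IOC_FILE else "domain"
    return None

def hunt(lines):
    """Return (line_number, verdict) for every line that touches the indicator."""
    return [(n, v) for n, v in
            ((n, classify(line)) for n, line in enumerate(lines, 1)) if v]

# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = [
    "1260900001.101 10.0.0.5 200 GET http://www.example.org/index.html",
    "1260900002.202 10.0.0.7 200 GET http://foruminspace.com/ab.exe",
    "1260900003.303 10.0.0.7 200 GET http://notforuminspace.com/ab.exe",
    "1260900004.404 10.0.0.9 404 GET hxxp://files.foruminspace[.]com/docs/",
    "1260900005.505 10.0.0.9 200 GET http://FORUMINSPACE.COM:80/AB.EXE",
]

if __name__ == "__main__":
    for lineno, verdict in hunt(SAMPLE_LOG):
        print(f"line {lineno}: {verdict}")
```

A 'domain+file' verdict means the host requested the file the post says the dropper downloads, so that machine is also worth checking for winver32.exe in the Windows folder.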