Even though Adobe has recently released a security patch for Reader and its Acrobat products, PDF files are still susceptible to some nasty trojan horse virusing (I know that ‘virusing’ is not a proper word).

In this case, hackers use malicious banner ads as a host for an infected PDF. The PDF then installs the Zonebac Trojan, which sets to work deactivating antivirus products, modifying search results, and changing banner ads.

Adobe’s 8.12 update supposedly plugs the loopholes that the Zonebac delivery system exploited, but the company has declined to give any information on what, exactly, the update changed. The lack of information is disappointing (though not surprising), but Adobe’s failure to address the issue in a timely manner raises questions about the firm’s commitment to security. An 18-day gap between the appearance of a verified exploit and the release of a patch isn’t exactly impressive, and this particular issue had been on Adobe’s radar for months. iDefense Labs first reported the existence of this particular buffer overflow vulnerability in early October 2007.

The attack has raised some questions regarding the security of the PDF standard

via arstechnica