F-Secure has been monitoring a large mailing of malicious PDF files. These PDF files exploit a recent vulnerability. When such PDF files are viewed on vulnerable machines, they get infected. An unknown party has been sending out tens of thousands of mails with Subject-lines like:

• Your credit report
• Personal Financial Statement
• Your Credit File
• Balance Report

The mails contain no mail body, only an attachment called "report.pdf". When opened, the PDF file uses the CVE-2007-5020 vulnerability via Acrobat Reader and IE7 and downloads further malware from a server in Malaysia. The target of the malware seems to be to create a botnet of infected machines to be used for further malicious activity.

"We're worried about this case, as PDF attachments are typically not filtered at email gateways", says F-Secure's Chief Research Officer Mikko Hypponen. "Executable files are now stripped almost everywhere, but PDF is stripped almost nowhere". "Also, a security update for Acrobat Reader was just made available few days ago, so there are tons of users who haven't had a chance to update yet".

F-Secure Anti-Virus detects the report.pdf malware as Exploit:W32/AdobeReader.K.

Further information is available via F-Secure blog at http://www.f-secure.com/weblog/

- End -

About F-Secure Corporation

F-Secure Corporation protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. F-Secure's award-winning solutions are available as a service subscription through more than 150 Internet service provider and mobile operator partners around the world, making F-Secure the global leader in this market. The solutions are also available as licensed products through thousands of resellers globally. F-Secure has received the Frost & Sullivan 2007 award for Distribution Strategy Leadership. The company aspires to be the most reliable security provider, helping make computer and smartphone user's networked lives safe and easy. This is substantiated by the company's independently proven ability to respond faster to new threats than its main competitors. Founded in 1988, and headquartered in Finland, F-Secure has been listed on the Helsinki Exchanges since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry.

For more information, please contact:
Patrik Runald
Senior Security Specialist,
F-Secure Security Labs, Kuala Lumpur
Mobile Malaysia +6012-278-3450
E-mail patrik.runald@f-secure.com
patrik.runald@f-secure.com