A successful attack is not particularly easy to carry out, as it depends on several prerequisites.
Recent weeks have shown that images are used as a malware spreading technique; particularly images that appear after performing a Google image search.
Do not rely on any file attachment or file on any device to be safe based on its file name.
Earlier this month we wrote about a vulnerability in the PDF specification that could be utilized to run malicious programs embedded in a PDF file. Proof-of-concept code was published, and it was expected that real-life malware that used this technique might appear soon.
Exploitation of how applications handle files in the Portable Document Format (PDF) is one of the most used techniques to successfully create malicious software. Usually this is accomplished by utilizing vulnerabilities in the applications used to read PDF documents, like the very popular free program, Adobe Reader.
Aurora attacks, which is known to be originated from china, is a major attack in the recent past which used an Internet explorer exploit code to attack companies like Google and Adobe and succeeded in stealing some intellectual properties.
Recently a new vulnerability has been discovered in Adobe Reader and Acrobat 9.2 and earlier versions (CVE-2009-4324). The vulnerability resides in Doc.media.newPlayer method. It’s a use-after-free vulnerability which can allow an attacker to execute arbitrary code.
