Proof of concept attack highlights new weakness in PDF specification
Security researcher Jeremy Conway on Monday unveiled a proof of concept attack that allows malware to be spread via normal PDF files on target computers running PDF reader software such as Adobe Acrobat Reader or Foxit Reader PDF. Conway is the product manager at NitroSecurity, a security company that sells analysis tools used to identify and correct security threats.
Unlike traditional malware attacks that rely on the discovery of new security weaknesses or inadvertent programming errors, Conway's demonstration uses the ability to incrementally update a PDF file as the infection vector, spreading to other PDF files in much the way a traditional virus infects other executable files.
Of course, his demonstration relies on a multi-part scripting process to launch an executable file from within a normal PDF file, a technique first demonstrated by Didier Stevens from Belgium a week ago.
What is troublesome about the weakness discovered by Stevens is that the ability to launch programs from within a PDF file is defined as part of the ISO standard in the PDF file specification. As such, switching off JavaScript would not prevent an attack.
Of course, software such as Adobe's PDF Reader already displays a warning message advising users to proceed only if the file comes from a trusted source. However, the opportunity exists for users to be tricked with some social engineering. This is especially pertinent as the attacker will have some control over the content of the displayed dialog box.
For now, researchers at Adobe and Foxit Software are investigating ways to mitigate the risk of their products being attacked.
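A triage check a defender could run on incoming PDFs, added here as an example and not taken from Conway's or Stevens's work: it counts revisions by `%%EOF` markers (each incremental update appends one) and reports which revision carries a Launch action (`/S /Launch` in the PDF specification). The function names and sample bytes are constructed for illustration, and the scan only sees uncompressed objects.

```python
import re

# PDF names may hex-escape any character (#4C is "L"), so decode before matching.
_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_LAUNCH = re.compile(rb"/S\s*/Launch\b")   # action dictionary of type Launch
_EOF = re.compile(rb"%%EOF")               # one marker per saved revision


def _decode_names(data: bytes) -> bytes:
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> dict:
    """Split a PDF into revisions and locate Launch actions in each one."""
    data = _decode_names(data)
    revisions, start = [], 0
    for marker in _EOF.finditer(data):
        revisions.append(data[start:marker.end()])
        start = marker.end()
    if data[start:].strip():
        # Bytes after the final %%EOF are scanned as one more segment.
        revisions.append(data[start:])
    launch_in = [n for n, rev in enumerate(revisions, 1) if _LAUNCH.search(rev)]
    return {
        "revisions": len(revisions),
        "launch_revisions": launch_in,
        # A Launch action that first appears after revision 1 was appended
        # by an incremental update rather than authored with the document.
        "launch_added_by_update": bool(launch_in) and min(launch_in) > 1,
    }


# Constructed sample input: not a complete PDF, only enough structure to scan.
BASE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
        b"trailer\n<< /Root 1 0 R >>\nstartxref\n0\n%%EOF\n")
UPDATE = (b"3 0 obj\n<< /Type /Action /S /#4Caunch /F (constructed-placeholder) >>\n"
          b"endobj\ntrailer\n<< /Root 1 0 R /Prev 0 >>\nstartxref\n0\n%%EOF\n")

if __name__ == "__main__":
    print(triage_pdf(BASE))
    print(triage_pdf(BASE + UPDATE))
```

A Launch action inside a compressed object stream would not be seen by this byte scan, so a clean result is not proof of absence.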
For more on this story:
- check out this article at CNET News
- check out this article at Sudosecure.NET