A reminder about about the Acrobat reader vulnerability we blogged about several times recently (http://www.eset.com/threat-center/blog/?p=593, http://www.eset.com/threat-center/blog/?p=579, http://www.eset.com/threat-center/blog/?p=572).
Obviously, we suggest that you keep an eye open for the release of the updates appropriate to your version of Acrobat and/or Acrobat Reader. Adobe say that a patch will be released for version 9 by March 11th, and for versions 7 and 8 by March 18th. They’ve also made further information available here. Given that PDFs are a frequent target for malicious exploitation, you might want to sign up for Adobe’s security advisory alert service. And, as always, be aware that you might be offered "patches" from other sources that are actually malicious programs!
In the meantime, though, the best protection available is to be aware of the danger from targeted attacks: treat unexpected PDF (and other)documents, even from people known to you, as potentially/possibly malicious. Even when this particular vulnerability (and the Excel vulnerability that’s also been making waves) has been patched, there will be other attempts to use "harmless" document formats as a means of compromising systems.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, ESET