A specially crafted .PDF file, detected by Trend Micro as TROJ_PIDIEF.ASP, was recently found to have infected several Indian, Thai, and New Zealand websites.
The Trojan takes advantage of critical vulnerabilities in Adobe Reader 9.1.3 and Acrobat 9.1.3; Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh, and UNIX; and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh. These vulnerabilities can cause the application to crash and can potentially allow an attacker to take control of an affected system. Adobe has thus advised users to patch their systems and download the necessary updates.
The Trojan belongs to an old but notable malware family known as ?ASProx,? which plagued the Web last year. It was so notable that it made its way to Trend Micro?s Top 8 in 2008 list.
Most ASProx variants, including this most recent one, exhibited the same payload. They first compromised several websites. Visiting the said sites then triggerred redirections to various malicious URLs that ultimately led to the download of more malicious files.