PDFs containing exploits for the recent 0-day vulnerability in Acrobat Reader are now being actively sent out through spambots. The folks at the IBM ISS X-Force say they’re seeing infected PDFs being spammed out and that it looks like the traffic is mainly coming from Taiwan, though those may be spoofed addresses.
Although we’ve only picked up a few attempts, it’s clear that JBIG2 exploit-laden PDFs are now being sent alongside other PDF exploits through spam bots, seemingly originating from Taiwan (although they may be spoofed).
This one is especially tricky with certain email clients since the components that exploit Adobe are sometimes rendered in advance by simply opening the email (and not the attachment). As with many of these file format vulnerabilities, portions of the file are auto-loaded by many applications (like when hovering over the file in a directory for example).
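Because parts of the file can be rendered before anyone opens the attachment, filtering has to happen before delivery. The following is an added example, not code from this post or from X-Force: a triage check that walks a message's MIME parts and flags PDF attachments declaring the `/JBIG2Decode` stream filter, including names hidden with PDF `#xx` hex escapes. The function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# PDF names may hex-escape any character as #xx (e.g. /JBIG#32Decode).
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME = re.compile(rb"/[^\s/<>\[\]()%{}]+")


def pdf_names(data: bytes) -> set[bytes]:
    """Return every PDF name token in data with #xx escapes decoded."""
    return {
        _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), tok)
        for tok in _NAME.findall(data)
    }


def flag_jbig2_attachments(raw_message: bytes) -> list[str]:
    """List filenames of PDF parts that declare a JBIG2Decode filter.

    Sniffs the %PDF- magic instead of trusting the MIME type or extension.
    Filters declared inside compressed object streams are not visible here.
    """
    flagged = []
    for part in message_from_bytes(raw_message).walk():
        payload = part.get_payload(decode=True)  # None for multipart parts
        if not payload or b"%PDF-" not in payload[:1024]:
            continue
        if b"/JBIG2Decode" in pdf_names(payload):
            flagged.append(part.get_filename() or "(unnamed)")
    return flagged


def build_sample() -> bytes:
    """Constructed message: three harmless PDF fragments, no image data."""
    frag = b"%%PDF-1.4\n1 0 obj\n<< /Length 0 /Filter %s >>\nstream\n\nendstream\nendobj\n"
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, flt in [("invoice.pdf", b"/JBIG2Decode"),
                      ("escaped.pdf", b"/JBIG#32Decode"),
                      ("clean.pdf", b"/FlateDecode")]:
        msg.add_attachment(frag % flt, maintype="application",
                           subtype="pdf", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_jbig2_attachments(build_sample()))
```

A hit means the PDF uses JBIG2 at all, not that it carries an exploit, so treat it as a reason to quarantine the attachment for closer inspection.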