Large mailing of PDF files exploits recent vulnerability

F-Secure has been monitoring a large mailing of malicious PDF files that exploit a recent vulnerability. When such a PDF file is viewed on a vulnerable machine, the machine gets infected.

An unknown party has been sending out tens of thousands of mails with subject lines like:

Your credit report
Personal Financial Statement
Your Credit File
Balance Report

The mails have no body text, only an attachment called “report.pdf”. When opened, the PDF file exploits the CVE-2007-5020 vulnerability via Acrobat Reader and IE7 and downloads further malware from a server in Malaysia. The goal of the malware seems to be to build a botnet of infected machines to be used for further malicious activity.
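The traits described above (one of the listed subject lines, no body text, an attachment named “report.pdf”) can be checked at a mail gateway. The following is an added example, not F-Secure's code: the function names, the rule of requiring all three traits together, and the sample messages are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Traits reported in the article; requiring all three is this example's assumption.
CAMPAIGN_SUBJECTS = {"your credit report", "personal financial statement",
                     "your credit file", "balance report"}
CAMPAIGN_ATTACHMENT = "report.pdf"


def campaign_traits(raw_message):
    """Return which campaign traits a raw RFC 5322 message shows."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    traits = []
    # policy.default decodes RFC 2047 encoded-word subjects; collapse whitespace.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in CAMPAIGN_SUBJECTS:
        traits.append("subject")
    body_text, attachment_names = "", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:  # any named part counts as an attachment, not as body
            attachment_names.append(filename.strip().lower())
        elif part.get_content_maintype() == "text":
            body_text += part.get_content()
    if not body_text.strip():
        traits.append("empty_body")
    if CAMPAIGN_ATTACHMENT in attachment_names:
        traits.append("attachment")
    return traits


def should_quarantine(raw_message):
    """Flag only when subject, empty body and attachment name co-occur."""
    return len(campaign_traits(raw_message)) == 3


def build_sample(subject, body, attachment_name):
    """Build a constructed test message; the PDF bytes are a harmless placeholder."""
    msg = EmailMessage()
    msg["Subject"] = subject
    if body:
        msg.set_content(body)
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(should_quarantine(build_sample("Your Credit File", "", "report.pdf")))
```

Requiring all three traits keeps a legitimate mail that shares only the subject or the attachment name out of quarantine.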
