According to several reports by anti-virus vendors, criminals have attempted to exploit an unpatched hole in Adobe Reader disclosed about two weeks ago to infect Windows PCs. The relevant malware includes the particularly dangerous ZeuS bot. The specially crafted documents are apparently sent to users as email attachments.
The "Launch Actions/Launch File" function in Adobe Reader allows the execution of scripts or EXE files embedded in PDFs. Although Adobe Reader asks users to agree to the execution of the file, this dialogue can be designed in such a way that users have no idea they may be allowing an infection into their systems. Sophos have posted a demo on their blog which tries to persuade users to click an OK button.

A report from M86 Security describes a PDF document that tries to install the ZeuS bot. When opened, the document tries to save a further PDF document which contains the actual malware. The documents are probably nested in an attempt to trick virus scanners. Interestingly, Reader opens a user dialogue before saving the file, but Foxit automatically saves the file without requesting confirmation. The current version of Foxit at least opens a dialogue when trying to start the bot that is hidden in the PDF.
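For mail-gateway or triage use, the nesting described above can be unwound before looking for the Launch action. The following is an added example, not code from the article or from any of the vendors named; the function names and the sample bytes are assumptions constructed here, and it goes slightly beyond the text by also decoding hex-escaped PDF names and Flate-compressed streams.

```python
import re
import zlib

# Names this triage looks for: the Launch action type and embedded-file streams.
MARKERS = (b"/Launch", b"/EmbeddedFile")
# A stream body runs from the "stream" keyword to "endstream".
STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)


def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes, which let a PDF name be written as e.g. /L#61unch."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def inflate(body: bytes) -> bytes:
    """Return the Flate-decoded stream body, or the raw bytes if it is not zlib data."""
    try:
        return zlib.decompressobj().decompress(body)
    except zlib.error:
        return body


def scan_pdf(data: bytes, level: int = 0, max_level: int = 3) -> list:
    """Return (nesting level, marker) findings, following streams and nested PDFs."""
    findings = []
    outside = decode_names(STREAM.sub(b"", data))  # dictionaries, not stream bodies
    for marker in MARKERS:
        if re.search(re.escape(marker) + rb"(?![A-Za-z0-9])", outside):
            findings.append((level, marker.decode()))
    if level < max_level:  # bound the recursion on hostile input
        for match in STREAM.finditer(data):
            body = inflate(match.group(1))
            if b"%PDF-" in body[:1024]:
                findings.append((level + 1, "nested-pdf"))
            findings += scan_pdf(body, level + 1, max_level)
    return findings


def sample_pdf() -> bytes:
    """Constructed, non-functional fragment: a Launch action inside a nested PDF."""
    inner = b"%PDF-1.4\n1 0 obj\n<< /S /L#61unch /F (placeholder) >>\nendobj\n"
    packed = zlib.compress(inner)
    head = b"%PDF-1.4\n1 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode /Length "
    return (head + str(len(packed)).encode() + b" >>\nstream\n" + packed
            + b"\nendstream\nendobj\n")


if __name__ == "__main__":
    print(scan_pdf(sample_pdf()))
```

Encrypted documents and stream filters other than Flate are not decoded here, so a clean result from this sketch is not proof that a file is harmless.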

The link for this article located at H Security is no longer available.