According to Computerworld, the Zeus botnet is now making use of an unpatched flaw in Adobe’s PDF document format discovered by security researcher Didier Stevens.
Zeus exploits the “/Launch” design flaw to embed attack code in the document. The article explains:
When users open the rogue PDF, they’re asked to save a PDF file called ‘Royal_Mail_Delivery_Notice.pdf.’ That file, however, is actually a Windows executable that when it runs, hijacks the PC.
This may be the beginning of the PDF attack wave predicted by Mickey Boodaei, CEO of security company Trusteer.