Emerging over the weekend has been the full impact of what was first seen as a minor problem with Adobe Acrobat Reader versions up to and including 7.
Essentially the free PDF reader supplied by Adobe is vulnerable to carefully crafted PDF documents placed on Web sites which can potentially run programs on any PC. These could collect passwords, IDs and any data accessible by the user. No known exploits are 'in the wild' but given the potential and the publicity on the security industry websites, it is likely that the hackers are all working overtime to generate them.
Simple exploits will be out on the Internet within hours and sophisticated ones within days. As the majority of Hackers are now in the game for profit, initial targets will be Internet banking and on-line credit card transactions with the potential for quick financial gain.
In order to mitigate the risk to experts are recommending these actions:
1. Deploying Adobe Reader version 8 to all PCs
2. Deleting known instances of default PDFs on PCs
3. Running a user awareness campaign
Click here for more information on the Adobe Reader security alert