A new e-mail attack has recently been launched that tries to steal user’s banking information by getting them to open a PDF attachment. The e-mail sender claims to be a missed delivery notice from “Royal Mail” that include an attached PDF.
When the user downloads the attached “invoice,” a vulnerability in PDF Reader known as the “Launch Action” will allow the file to start a program hidden in the PDF file that will try to install a Zeus Botnet. If you have the newest version of the PDF Reader you will get pop box that will ask you if you want to open the Launch File. If you do open this file, it will install the Botnet on your computer, which will act as a Trojan that will try to steal your banking information. If you have the older version, it will most likely try to install the Trojan without even asking you.
To protect yourself from this specific vulnerability make sure you don’t open ANY attachments from e-mails that you don’t know or trust, or even any that look suspicious from people that you do know. Also make sure that you have the latest version of the PDF Reader and update it as soon as the newest updates come out as hopefully this vulnerability will soon be fixed.