"Adobe released patches for its Reader and Acrobat programs last Wednesday, but there’s reason to suspect that the company has closed the barn door long after the cattle fled. According to a blog entry at the SANS Internet Storm Center, this particular vulnerability has been exploited in the wild for several weeks. In this case, hackers use malicious banner ads as a host for an infected PDF. The PDF then installs the Zonebac Trojan, which sets to work deactivating antivirus products, modifying search results, and changing banner ads.
Adobe’s 8.12 update supposedly plugs the loopholes that the Zonebac delivery system exploited, but the company has declined to give any information on what, exactly, the update changed. The lack of information is disappointing (though not surprising), but Adobe’s failure to address the issue in a timely manner raises questions about the firm’s commitment to security. " – Content courtesy of Is it time to consider PDF a threat?