According to the experts, once the exploit is successful, it drops a couple of DLL files on the target system. One of the DLL is responsible for displaying a fake error message following which it opens a decoy PDF document. The other DLL is the main culprit which drops a component on the system that initiates a session to a remote domain. FireEye has revealed that the exploit is known to target Adobe PDF Reader versions 9.5.3, 10.1.5 and 11.0.1. The delivery method of the exploit is still a mystery and chances are that it may infect your computer via an email or directly from the web.

Adobe hasn’t confirmed whether the exploit manages to breach the sandbox protection in the Adobe Reader 10 and 11 as investigations are still underway. FireEye notes, “We have already submitted the sample to the Adobe security team Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files.”

Adobe uses sandboxing to protect its uses against malware and exploits but, security experts from the Russian company Group-IB warned back in November 2012 that there existed an exploit for Adobe Reader 10 and 11 that bypasses the sandbox security features. The exploit was sold on the black market $30,000 to $50,000. Adobe refused to confirm the existence of such exploit at that time.

If sandbox protection is compromised, it will be a huge blow to Adobe security technology. For now the only way to defend your machine from cyber attacks is to be extra careful while opening files and accessing links in your email. We recommend that you keep your Adobe software up to date. Another method is to use alternative software for PDF files, like Foxit Reader or Nitro PDF reader.