Adobe, Adobe Reader, iDefense, malware, zonebac, Trojan horse

Adobe Reader exploited, attack not detected

A recently patched vulnerability discovered in Adobe Reader and Acrobat is being actively exploited to install malware through infected ad banners. Although the Trojan horse being pushed is detected, the exploit itself still gets past antivirus products at this time.

It is almost a rerun of an old story: last October, a hacker group used a RealPlayer flaw to install the Zonebac Trojan. Today, the same group is using a freshly patched Adobe Reader (and Acrobat) flaw to push the same Trojan onto users' PCs.

The vulnerability at hand allows a remote attacker to execute code of their choice on the victim's PC when a specially crafted PDF document is opened. In this particular attack, the PDF documents seem to be served through infected banner ads.

Once automatically opened by Adobe Reader, such a document will in turn install the Zonebac Trojan horse. Zonebac is well known for lowering Windows security settings and tampering with web browsing, changing results pages and interfering with the ads being displayed.

While Zonebac is well known and reliably detected by antivirus products, the exploit used here to drop it is not detected. A test run by the SANS Internet Storm Center on February 9th showed that no major antivirus flagged an infected PDF document as dangerous.

Adobe advises installing Adobe Reader and Acrobat version 8.1.2. Additionally, security site Immunity offers registered users proof-of-concept (PoC) code that could be used to craft a Snort signature, for example.
