Other security researchers, including those at Paris-based CERT-Lexsi , have also reported on the e-mail bearing rogue PDF attachments. CERT-Lexsi added that the malware's command-and-control server is located in Korea.
IBM researchers said the malware launched from the rigged PDF seems to be version of Auraax or Emold worm. The worm drops a rootkit onto the compromised PC, and also tries to copy itself to all removable drives, including flash drives, to spread using the "Autorun" infection tactic made popular by 2008's Conficker worm.
Staff at IDG -- which is the parent company of Computerworld -- have received the malicious messages with attached PDF documents. Those messages can pose as ones from "customersupport@ domain name .com," "support@ domain name .com," and "admin@ domain name .com," where domain name is typically the company's name.
An Adobe spokeswoman today declined to comment on the latest attacks, and said the company was still researching the /Launch functionality in Adobe Reader and Acrobat to identify "all possible use scenarios for this particular functionality to ensure we are not breaking any common workflows for our customers." Adobe's current advice remains that users configure Reader and Acrobat to stymie such attacks, she added. Adobe has posted instructions on its Web site.
IBM's security team also recommended that users disable Windows' Autorun feature for all flash drives, and pointed them toward a Microsoft support document for instructions and updates.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com .
Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Knowledge Center.