FYI...

Targeted (PDF) attacks...
- http://www.f-secure.com/weblog/archives/00001859.html
January 18, 2010 - "F-Secure Labs has learned of another interesting targeted attack. In this case, malicious PDF files were emailed to US defense contractors. While the "Aurora" attacks against Google and others happened in December 2009, this happened just last week. The PDF file was quite convincing and it looked like it came from the Department of Defense... The document talks about a real conference to be held in Las Vegas in March. When opened to Adobe Reader, the file exploited the CVE-2009-4324* vulnerability. This is the doc.media.newPlayer vulnerability that Adobe patched last Tuesday. The exploit dropped a file called Updater.exe (md5: 3677fc94bc0dd89138b04a5a7a0cf2e0). This is a backdoor that connects to IP address 140.136.148.42. In order to avoid detection, it bypasses the local web proxy when doing this connection. Anybody who controls that IP will gain access to the infected computer and the company network. This particular IP is located in Taiwan."
* http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-4324
"... Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X..."

(Screenshots available at the F-secure URL above.)