Needless to further remind everyone, zero-day attacks are the preferred choice of cyber criminals and will continue to be so in 2009. If the recent W32/Conficker.worm (MS08-087) and Exploit-XMLhttp.d (MS08-078, MS09-002) were not good enough to prove our point, here is another one.
In the above image, the eax register is specially crafted to point to the malicious shellcode that installs a trojan. When successful, the attack installs a backdoor to enforce remote control and monitoring on infected systems. Further characteristics of this backdorÂ and detection details are posted at http://vil.nai.com/vil/content/v_153842.htm
While the distribution of this exploit thus far appears to be targeted, new variants are expected as more information is made public. As with the Conficker experience, the lack of good patch management is a very worrying trend that deserves more attention from IT security practitioners. Adobe is expected to release a patch very soon: