Vulnerabilities have been found in current versions of Foxit and Xpdf readers as well. Patches are not yet available, so open unsolicited .pdf files with care.
A new round of website attacks is also exploiting un-patched web applications. These can be difficult to detect, because the malicious files have the same directory and file names as legitimate files. Most previous attacks re-directed visitors to malicious sites, but this attack actually insert the malicious code on the site, making cleanup more difficult.
This does not mean that the previous methods are being replaced. In fact, there has been a resurgence of these previous attacks as well.
This highlight the fact that the attack trends have shifted from operating system attacks to application attacks. Most users are not as diligent about patching applications as they are about patching their operating systems. When servicing client computers, it is just as important to check for application updates as it is to check for operating system updates.
Dennis H in West Virginia, US
October 20, 2009