Gozi trojan comes with pdf file

Dangerous Gozi trojan is back and now it is bundled with pdf file.

It activates when user opens infected pdf file and after that it tries to steal information typed in ssl-protected sites (like online bank data).

Gozi comes from Russian Business Network servers like earlier and uses a week ago fixed vulnerability in Adobe Acrobat products.

Most common pdf file names have been BILL.pdf and INVOICE.pdf, sender name Gilbert and header "STATEMET indigene" but they can vary.

Source: eWeek