At this point it is not clear exactly how widespread attacks targeting this vulnerability actually are. One thing is for sure, though: as information spreads, we are likely to see the volume increase.
Detection for one malicious sample seen so far has been added as Troj/PDFJs-FS. The payload of this particular attack is as follows:
- If the vulnerability is successfully exploited, a downloader Trojan is dropped and run. Detection for this has been added as Troj/Dloadr-CXT.
- The downloader attempts to download another executable from a remote server. This component is proactively detected as Mal/Behav-027.
The Sophos advisory for this vulnerability has been posted here.