Internet security firm F-Secure have issued a warning to businesses about a spam PDF file that, when opened, downloads malware directly onto the user's computer by exploiting software vulnerabilities, creating chaos for its unwitting victims.
Opening any kind of spam has always carried a risk, but in the past most emails that infected computers contained executable programs.
However, this scam is different because it involves a PDF file - a tactic that previously hasn't been used.
Received via an unsolicited email carrying a subject line such as 'your credit report' or 'your credit file', the infected PDF downloads malware from servers based either in the Far East or Northern Europe.
Tens of thousands of emails have already been sent out, and more are expected, prompting the warning from F-Secure.
Although carrying a title claiming to be some type of financial report, the email actually contains no body text, just an infected PDF attachment entitled 'report.
Once opened, the document exploits the CVE-2007-5020 vulnerability in Acrobat Reader and Internet Explorer 7 to download malware that appears to emanate from either Sweden or Malaysia.
According to F-Secure, the purpose of the attack is to hijack the user's computer so that it can be used as part of a botnet to spread even more malware to even more computers throughout the world.
The problem is particularly worrying for security experts because, as F-Secure's chief research officer Mikko Hypponen points out: "PDF attachments are not normally filtered at email gateways.
Executable files are almost always stripped but PDF files aren't, meaning that they are getting through just about everywhere."
His company are now involved in cleaning up mail servers that have already been infected as well as frantically spreading the word to other email operators.
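For mail operators, the traits described above (a PDF attachment, one of the quoted subject lines, and no body text) can be turned into a gateway triage check. The following Python sketch is an added example, not F-Secure's tooling; the function names, reason labels and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines quoted in the article; matched case-insensitively.
LURE_SUBJECTS = ("your credit report", "your credit file")

def pdf_attachments(msg):
    """Attachments that are PDFs by declared type, file name or magic bytes."""
    found = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        if (part.get_content_type() == "application/pdf"
                or name.endswith(".pdf")
                or data.lstrip().startswith(b"%PDF-")):
            found.append(part)
    return found

def has_body_text(msg):
    """True if the message carries a non-empty plain-text or HTML body."""
    body = msg.get_body(preferencelist=("plain", "html"))
    return body is not None and bool(body.get_content().strip())

def triage(raw_bytes):
    """Return the reasons a raw message matches the campaign profile."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    if not pdf_attachments(msg):
        return []
    reasons = ["pdf-attachment"]
    subject = (msg["Subject"] or "").lower()
    if any(s in subject for s in LURE_SUBJECTS):
        reasons.append("lure-subject")
    if not has_body_text(msg):
        reasons.append("empty-body")
    return reasons

def build_sample(subject, body, pdf_name=None):
    """Constructed test message; the 'PDF' is a harmless header stub."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    if body:
        m.set_content(body)
    if pdf_name:
        # Declared as octet-stream so detection must rely on name or magic bytes.
        m.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                         subtype="octet-stream", filename=pdf_name)
    return m.as_bytes()
```

A message that returns all three reasons is a candidate for quarantine; a lone `pdf-attachment` is ordinary business mail and should not be blocked on that basis.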
To avoid becoming a victim of this type of scam, in the short term be very suspicious of any emails that carry titles such as 'your credit report' or 'your credit file'.
In addition, you should exercise extreme caution before opening any emails that claim to contain something that you didn't request, or come from an email address that doesn't look familiar.
You should also download the latest security update for Acrobat Reader, as it includes a fix for the vulnerability this malware exploits.
Computer users should also be reassured that although they will undoubtedly undergo a period of serious inconvenience if they fall victim to this piece of spam, it will not affect their real credit file or credit rating in any way.