The Trojan was launched during the last few days of October, taking advantage of an unpatched Windows vulnerability to infect PCs.
"PDFex only started to circulate at the very end of the month, but still managed to account for over 13 per cent of all emailed malware during October," said Carole Theriault, senior security consultant at Sophos.
"It was heavily spammed out between 26 and 28 October, and accounted for a staggering two thirds of all malware spread via email."
PDFs have long been used in business as a means of sharing information, so the social engineering trick of using a PDF puts insufficiently protected businesses at risk, according to Sophos.
"Adobe has issued an update to its Acrobat software that fixes the problem, and eyes are now turned to Microsoft to patch the underlying flaw in Windows which could affect other vulnerable applications such as Skype and Firefox," warned Theriault.
She added that, although criminals are currently using PDF files to try and infect innocent PCs with malware, there is little evidence of spammers continuing to use PDF files.
The research also indicates a slight decrease in the percentage of infected email. Overall in October, one in every 1,000 emails carried malicious email attachments, compared to one in every 833 during September.
However, web attacks continue to pose a "significant threat", Sophos warned. Mal/Iframe was responsible for almost seven out of every 10 infections found on the web by the security firm.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
