As reported earlier this week by Infosecurity, Trusteer issued its warning after a European researcher Didier Stevens published details of the Adobe PDF flaw on his own security blog.
According to Mickey Bodaei, CEO with the browser security and fraud prevention specialist, the short space of time taken for the flaw to be exploited by hackers in the real world shows how quickly cybercriminals are exploiting these types of security issues.
"Just as a virus and malware prevention industry had to move swiftly to counter the so-called zero-day security threats as they started arriving around five years ago, so the industry must ratchet up its protection strategy once again to meet this expanded threat", he said.
"We said last week that cybercriminals and hackers will try to exploit this structural Adobe issue using social engineering techniques, which lure internet users into a false sense of feeling safe, and that is exactly what has happened this week", he added.
Boodaei says that many of today's IT security solutions – such as anti-virus and personal firewalls – rely on internet users to make the right choice.
The problem is, he explained, that the applications present users with technical messages that are hard to understand and expect users to decide what to do with them.
"Acrobat Reader works in a similar fashion by expecting internet users to understand the security implications of running an embedded file", he said, adding that most users simply look for the easiest and quickest way of getting something done", he said.
"They don't stop to think if every step they make is a reasonable behaviour", he said.
Judging from the speed with which cybercriminals moved to exploit the Adobe PDF security issue, the Trusteer CTO says that it is now down to internet users to take proactive steps to protect their internet surfing, and heed the advice of the growing number of financial plus allied websites to enhance their security.
The good news, he went on to say, is that a growing number of websites are now offering excellent security enhancement software – free of charge – that augments users' existing anti-virus and IT security applications.