Hackers may slip through hole found in Adobe tools

Hackers could take advantage of a vulnerability in Adobe tools.

By ABC News
July 26, 2009, 10:38 PM

Since early July, troublemakers have been e-mailing PDF files with corrupted Flash video clips and hacking into websites to implant them. These clips, when activated, enable attackers to quickly install malicious programs on the user's computer.

Criminals typically take control of PCs, turning them into obedient "bots." They can use bot networks to steal data, siphon cash from online financial accounts, spread spam and trigger promotions to sell fake anti-virus programs.

The number of attacks could soar this week as Adobe scrambles to develop an emergency patch by Friday. The company recently began issuing security patches once a quarter, with the next update scheduled on Sept. 8.

"The volume of cybercrime has been increasing, so we've stepped up our efforts to supply best-in-class security," says Rob Tarkoff, Adobe's senior vice president and general manager of business productivity.

But even that might not solve the problem. Adobe alerts computer users every seven days about software updates that can include security patches, but users often defer installing such updates.

As a result, "We may see a broad-scale explosion of attacks," says Paul Royal, a senior researcher at Purewire.

The security firm has already found a booby-trapped e-mail sent to a corporate executive.

Last week, another security firm, Finjan Software, found several dozen legitimate Web pages carrying poisoned Flash clips.

Tarkoff says Adobe is doing all it can.

"Every software product is a target," he says. The challenge is to find a way to keep offering new features without creating new security problems. "That's (the balance that) we're focused on striking."

That balancing act may grow more difficult as cybercriminals probe for more weaknesses in Adobe programs.