Symantec reports a new vulnerability in PDF files is abused to spread trojans:
One day later, we have discovered a new Trojan named Trojan.Pidief.A that actually exploits this vulnerability to compromise an unpatched computer. So far we have seen a fair number of emails containing this new Trojan in the wild. It is likely that Trojan.Pidief.A has been spammed out in targeted attacks on specific business organizations.
The Trojan will most likely arrive through email with a subject such as "invoice", "statement" or "bill" of some description, and just containing the .pdf file. So far we have seen the following file names used: