Hackers compromise Adobe server, use it to digitally sign malicious files

28.09.2012

Brad Arkin, Adobe's senior director of security for products and services, wrote that the rogue code samples have been shared with the Microsoft Active Protection Program (MAPP) so security vendors can detect them. Adobe believes "the vast majority of users are not at risk" because tools like the ones that were signed are normally used during "highly targeted attacks," not widespread ones, he wrote.

"At the moment, we have flagged all the received samples as malicious and we continue monitoring their geographical distribution," Botezatu said. BitDefender is one of the security vendors enrolled in MAPP.

However, Botezatu couldn't say if any of these files were actively detected on computers protected by the company's products. "It's too early to tell, and we don't have sufficient data yet," he said.

Adobe traced the compromise back to an internal "build server" that had access to its code-signing infrastructure. "Our investigation is still ongoing, but at this time, it appears that the impacted build server was first compromised in late July," Lips said.

"To date we have identified malware on the build server and the likely mechanism used to first gain access to the build server," Arkin said. "We also have forensic evidence linking the build server to the signing of the malicious utilities."
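The practical consequence of the incident described above is that a cryptographically valid signature proves only that the signing key was used, not that the use was legitimate: a compromised build server with access to the signing infrastructure signs attacker-chosen files perfectly. The defender's lever is a revocation cutoff tied to the earliest time the signing path could have been abused, applied to the artifact's signing time. The following Go program is an added illustration of that check; it is not Adobe's code, Microsoft's Authenticode implementation, or anything from the article. It assumes a simplified artifact format (a SHA-256 digest plus signing time, signed with Ed25519 instead of an X.509 certificate chain), a constructed key identifier, and a constructed cutoff date; the real mechanism would read the signer certificate and the RFC 3161 countersignature out of the PE file's PKCS#7 blob.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// SignedArtifact is a constructed, simplified stand-in for a code-signed
// binary: the file digest, the time it was signed, which key signed it, and a
// signature over digest and time. Real Authenticode wraps all of this in PKCS#7.
type SignedArtifact struct {
	Name             string
	Digest           [32]byte
	SignedAt         time.Time
	TimestampTrusted bool // true only if SignedAt comes from an independent timestamp authority
	KeyID            string
	Signature        []byte
}

// Revocation says: nothing signed with KeyID at or after EffectiveFrom is trusted.
// EffectiveFrom is set to the earliest time the signing path could have been abused.
type Revocation struct {
	KeyID         string
	EffectiveFrom time.Time
}

var (
	ErrBadSignature = errors.New("signature does not verify")
	ErrRevoked      = errors.New("signed by a revoked key on or after the revocation cutoff")
)

// signingPayload binds the content digest to the claimed signing time so the
// time cannot be swapped without invalidating the signature.
func signingPayload(digest [32]byte, signedAt time.Time) []byte {
	payload := make([]byte, 0, len(digest)+8)
	payload = append(payload, digest[:]...)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(signedAt.Unix()))
	return append(payload, ts[:]...)
}

// Sign produces a signed artifact; the caller states the signing time and
// whether that time is backed by a trusted timestamp authority.
func Sign(priv ed25519.PrivateKey, keyID, name string, content []byte, signedAt time.Time, trustedTS bool) SignedArtifact {
	digest := sha256.Sum256(content)
	return SignedArtifact{
		Name: name, Digest: digest, SignedAt: signedAt, TimestampTrusted: trustedTS,
		KeyID: keyID, Signature: ed25519.Sign(priv, signingPayload(digest, signedAt)),
	}
}

// Verify checks the signature first, then the revocation policy. A valid
// signature alone is not enough: a compromised signing server produces
// perfectly valid signatures on attacker-chosen files.
func Verify(pub ed25519.PublicKey, a SignedArtifact, revs []Revocation) error {
	if !ed25519.Verify(pub, signingPayload(a.Digest, a.SignedAt), a.Signature) {
		return ErrBadSignature
	}
	for _, r := range revs {
		if r.KeyID != a.KeyID {
			continue
		}
		// Without a trusted timestamp the signing time is attacker-controlled
		// (a compromised signer can backdate), so treat the artifact as post-cutoff.
		if !a.TimestampTrusted || !a.SignedAt.Before(r.EffectiveFrom) {
			return ErrRevoked
		}
	}
	return nil
}

// Demo generates a signing key, signs constructed artifacts on either side of a
// constructed compromise date, revokes the key from that date, and returns the
// verification result for each artifact.
func Demo() (legit, postCompromise, tampered, noTimestamp error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	const keyID = "build-signing-key-01"                           // constructed identifier
	cutoff := time.Date(2012, time.July, 20, 0, 0, 0, 0, time.UTC) // constructed cutoff, not Adobe's actual date
	revs := []Revocation{{KeyID: keyID, EffectiveFrom: cutoff}}

	good := Sign(priv, keyID, "release.exe", []byte("constructed legitimate release"), cutoff.AddDate(0, -1, 0), true)
	bad := Sign(priv, keyID, "tool-a.exe", []byte("constructed malicious utility"), cutoff.AddDate(0, 0, 7), true)
	forged := good // same signature, but the content was swapped after signing
	forged.Digest = sha256.Sum256([]byte("constructed swapped content"))
	unstamped := Sign(priv, keyID, "tool-b.exe", []byte("constructed, no timestamp"), cutoff.AddDate(0, -1, 0), false)

	return Verify(pub, good, revs), Verify(pub, bad, revs), Verify(pub, forged, revs), Verify(pub, unstamped, revs)
}

func main() {
	legit, post, tampered, noTS := Demo()
	fmt.Println("signed before cutoff, trusted timestamp:", legit)
	fmt.Println("signed after cutoff:", post)
	fmt.Println("content swapped after signing:", tampered)
	fmt.Println("pre-cutoff time but no trusted timestamp:", noTS)
}
```

The fourth case is the one worth remembering: a signing time the verifier cannot independently trust is worth nothing once the signer is known to have been compromised, because the attacker who controlled the signing path also controlled the clock. In real deployments that is the difference between a countersignature from a timestamp authority and a self-asserted signing time.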