
Target Attack: The guy leaves a message in exploit by using the vulnerability of CVE-2010-0188

March 11, 2010, by Mars

Recently, we have also seen very frequent targeted attacks that make use of the patched (but not completely) TIFF vulnerability (CVE-2010-0188).

What is interesting is that these exploits insert the JavaScript as well as a crafted TIFF (exploit.tif) into an XML form and generate the malicious PDF with Adobe LiveCycle ES. The JavaScript is embedded within the form, and it is not detected by AV.
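The structure described above (script plus an inline TIFF inside the XML form) can be used as a triage heuristic. The following is an added example, not code from the original post: it assumes the form packets sit in Flate-compressed streams and that the image is carried as base64 in an element whose `contentType` is `image/tif` or `image/tiff`; all function names and the sample document are constructed for illustration.

```python
import base64
import re
import zlib

# Heuristics (assumptions of this example, not a complete PDF parser).
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)
SCRIPT_RE = re.compile(rb"<script\b", re.I)
TIFF_RE = re.compile(rb'contentType\s*=\s*["\']image/tiff?["\'][^>]*>([A-Za-z0-9+/=\s]+)<', re.I)
TIFF_MAGIC = (b"II*\x00", b"MM\x00*")  # little- and big-endian TIFF headers

def pdf_streams(data):
    """Yield every stream body, inflated when it is Flate-compressed."""
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            yield m.group(1)  # not Flate: inspect the raw bytes

def scan_pdf(data):
    """Flag a PDF whose XFA form carries both script and an inline TIFF."""
    # "/XFA" is only searched in uncompressed objects (limitation of this sketch).
    report = {"has_xfa": b"/XFA" in data, "script": False, "tiff_images": 0}
    for body in pdf_streams(data):
        report["script"] = report["script"] or bool(SCRIPT_RE.search(body))
        for m in TIFF_RE.finditer(body):
            try:
                head = base64.b64decode(m.group(1))[:4]
            except ValueError:
                continue  # not valid base64, ignore
            report["tiff_images"] += head in TIFF_MAGIC
    report["suspicious"] = bool(report["has_xfa"] and report["script"] and report["tiff_images"])
    return report

def build_sample(with_tiff=True):
    """Constructed, inert sample: a bare TIFF header inside an XFA-like form."""
    xfa = b'<template><subform><event><script contentType="application/x-javascript">/* constructed */</script></event>'
    if with_tiff:
        img = base64.b64encode(b"II*\x00" + b"\x00" * 12)
        xfa += b'<field><value><image contentType="image/tif">' + img + b"</image></value></field>"
    body = zlib.compress(xfa + b"</subform></template>")
    return (b"%PDF-1.7\n1 0 obj\n<< /AcroForm << /XFA 2 0 R >> >>\nendobj\n2 0 obj\n"
            b"<< /Filter /FlateDecode /Length " + str(len(body)).encode() + b" >>\nstream\n"
            + body + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(scan_pdf(build_sample()))
```

A hit only means the file has the same shape as the documents described here and deserves closer inspection; legitimate forms can also contain script and images.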

Traces left by the hacker can be found in the malicious PDF, and it is likely that the hacker is "Yuange" (袁哥 in Chinese) and "panlab" (exploits lab? If it really is, I want to join too :) ). However, in the new version of the exploit, we can't find the string "Yuange".

As we know, more features mean more bugs. It is my belief that PDF exploits will increase significantly and be widely used in targeted attacks.

Categories: Exploits, Malware Research