Given the volume of PDFs Google must render, I wonder if they have had any security issues from the service.
Aside from that it's mostly market share - they're different code bases, so they'd need different attacks. There is a chance of buffer overflow issues in the font decoding, image decoding, certificate processing, etc. But outside of iOS, few people have made the effort to attack non-Adobe PDF readers.
Exploits are designed to target and exploit the consuming application of the malicious file, and are not executable by the file format itself (in these particular cases at least) in any arbitrary application that can open the file.
So odds are that a 0-day exploit of Adobe Reader using a specially crafted PDF will have no effect in Apple's Preview app, or another PDF viewer (unless the apps were all using an underlying shared library and that's where the exploit lived, but I don't think this is the case here).
I used to speculate in conversation that USENET was just about the best dead drop on the net (actually, I think I heard Bruce Schneier make such a reference in a talk on tradecraft he gave at DefCon one year) being so decentralized. With the decline of USENET I've been hard-pressed to think of a decentralized, distributed dead drop mechanism that malware could make use of.
Google and Twitter are great precisely because so many people use them. And if the authors had the sense to keep the search terms region/topic-specific the traffic would be nearly impossible to notice or filter, without the benefit of hindsight.
Are there any recommended 'Hacking for Dummies' books for learning more about how these things work? It's like a code version of Ocean's 11 to me!
Smashing The Stack For Fun And Profit 
Reversing: Secrets of Reverse Engineering 
The IDA Pro Book 
The iOS Hacker's Handbook was interesting as a sort of case study on exploiting and hacking embedded hardware.
Mostly what I've found, though, is that just starting with a question and googling the answer yields the most results. For example, if you see mention of a stack overflow attack, google how and why stack overflow attacks work (or don't), and once that side of things is understood the thought process behind finding them becomes easier to understand, although not really easier to do (for me, at least).
Hacking: The Art of Exploitation, 2nd Edition
Hacking Exposed 7
This next site is basically YouTube for security conferences. They also offer some online courses on writing exploits in assembly and Python, but not all of them are free.
Computer security is just like programming: you can obtain a world class education for free, from the Internet. You just have to know where to look.
I haven't read the books that the other guys mentioned, but I've seen them recommended so often that I'd bet they're worth a read as well.
For example: they really, really didn't want to be detected. Carefully constructed PDFs made to look as innocent as possible. Custom code for every computer makes the hack harder to profile. Tiny, tiny downloader.
Second, the command center approach. Command centers started out as IRC channels for botnets, but are easy to break up once you know the IRC channel name. So there was a lot of thought put into making the command center resilient to shutdown or takeover attempts. In other words, each node can be controlled and rerouted separately. The one error was the log that allowed the security people to see a list of controlled computers - that is a mistake that will probably be fixed in the future.
So for me this is interesting to watch at each step how the hacks are getting more complicated on all levels: the exploit, the control center and the unseen side of it - data gathering/analysis.
How does a random IT security company get logs from the command servers, especially if they're located in Panama and Turkey, where receiving quick cooperation from law enforcement is presumably difficult?
The C2s maintain a detailed, encoded log of the victims connecting to the servers. The logs are available to anyone who knows the exact filename. By collecting the logs from all the known command servers, we’ve discovered connections from several high profile networks belonging to ...
Like kidnapping, malware has the problem with externally visible trails that you can't hide and still pull it off.
The story about the Stuxnet C&C servers being set up as an advertising service was clearly to throw off suspicions about random outcalls to those servers.
These guys had the reputation to build something like this. The fact that a large part of it is written in assembly along with the style of some of the things it's doing makes me suspect this could be the work of members/ex members. I'm guessing the author of this article might be hinting at this as well, hence highlighting that particular op code.
But that's just my opinion, I've nothing to back it up with.
Or maybe the writer just needed to align? I use 666 for dummy vals too.
It seems hardly a month goes by without a major Adobe Reader exploit.
Most importantly: can you still keep Adobe Flash (e.g. for YouTube) but disable Adobe PDF reader and not have it re-install itself when upgrading Flash?
Edit: Just gave it a shot, installed and uninstalled Acrobat Reader 11, then updated Flash. Adobe Reader did not "re-install" itself and there was no prompt to install it.
For more info, check out the Wiki page on NPAPI: https://en.wikipedia.org/wiki/NPAPI