[Dshield] New worm developed that spreads using Acrobat files

Jonathan G. Lampe jonathan at stdnet.com
Tue Aug 21 20:47:09 GMT 2001


The Adobe Acrobat vulnerability is real.  It only targets people running 
FULL Acrobat (the one with the ability to MAKE PDF's not just read 
them).  In short, FULL Acrobat supports attached files, just like email 
supports attached files, and the attached file can be just about anything, 
including little malicious clusters of love.

Read up:
http://news.cnet.com/news/0-1003-200-6808673.html?tag=prntfr

- Jonathan Lampe, Standard Networks, 608.227.6100, jonathan at stdnet.com

At 01:45 PM 8/21/2001, you wrote:
>Is this real or hype??
>
>from http://www.computerworld.com/storyba/0,4125,NAV47_STO62902,00.html
>
>The worm appeared on Tuesday morning and has been analyzed by Bernardo
>Quinteros, head of the Madrid-based security firm HispaSec Sistemas and
>Richard M. Smith, chief technical officer of the Denver-based Privacy
>Foundation
>"Even considering that it is a just-created laboratory virus, this is like a
>seed of an upcoming deluge of [viruses] of the same kind in PDF files, a
>format considered safe up to now," said Quinteros
>...
>In order to spread itself, the virus uses Adobe Acrobat and functions of
>Microsoft Corp.'s Outlook that have never been used before. According to both
>researchers, the worm uses Outlook to send itself hidden in a PDF file. When
>opened using Acrobat, the file will launch a game that prompts the user to
>click on the image of a peach. After the user clicks on the image, a Visual
>Basic script is run and the virus gets activated, they said.
>
>
>_______________________________________________
>Dshield mailing list
>Dshield at dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list