[Dshield] New worm developed that spreads using Acrobat files
johnh at aproposretail.com
Tue Aug 21 21:14:15 GMT 2001
Andy Stevko wrote:
> Is this real or hype??
A little of both.
The worm does exist, BUT:
1) you have to have the full Acrobat package installed - the standalone
PDF viewer does not (yet) support the functionality needed by the worm.
2) it does pop up a dialog box asking the user to confirm an action
before it can execute.
Don't panic yet, but *do* write a message to Adobe demanding that they
not turn PDF Viewer into another infection vector. It should only
support read-only static content and should NOT be scriptable nor be
able to create files. Make noise now, or deal with the mess later.
John Hardin <johnh at aproposretail.com>
Internal Systems Administrator voice: (425) 672-1304
Apropos Retail Management Systems, Inc. fax: (425) 672-0192
More information about the list