[Dshield] New worm developed that spreads using Acrobat files

John Hardin johnh at aproposretail.com
Tue Aug 21 21:14:15 GMT 2001

Andy Stevko wrote:
> Is this real or hype??

A little of both.

The worm does exist, BUT:

1) you have to have the full Acrobat package installed - the standalone
PDF viewer does not (yet) support the functionality needed by the worm.

2) it does pop up a dialog box asking the user to confirm an action
before it can execute.

Don't panic yet, but *do* write a message to Adobe demanding that they
not turn PDF Viewer into another infection vector. It should only
support read-only static content and should NOT be scriptable nor be
able to create files. Make noise now, or deal with the mess later.

John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192

More information about the list mailing list