|
|
|
|
| |
| People who use both Adobe Acrobat and Microsoft Outlook on their machines are vulnerable to a new PDF-borne virus, the first of its kind. A number of sources report that it uses a combination of Acrobat and Outlook to send itself in a PDF file. |
| |
Credit:
Trojan information can be found at:
http://vil.mcafeeasap.com/dispVirus.asp?virus_k=99179
http://www.sophos.com/virusinfo/analyses/vbspeachypdfa.html
The information has been provided by Richard M. Smith.
|
| |
Vulnerable systems:
Adobe Acrobat version 5 or higher (Full version)
VBScript worm uses OUTLOOK to send itself in a PDF (portable document format) file. When opened using Acrobat it will show an image with a minor game. Showing the solution to this game involves doing a double click to a file annotation, which after a warning will run a VBS, VBE, or WSF file (depending of the worm version). The VBScript file will create and show a JPG file with the solution to the game and it will try to find the PDF file to spread it. This is necessary, because when the link is used, Acrobat will create the VBS, VBE, or WSF file in Windows' temporary directory and it will run this file, so this VBScript file does not know the path of the PDF file to spread. Then it will start the spreading code using Outlook in a way not seen before in any worm. The password for changing the security options of the PDF file is "OUTLOOK.PDFWorm". This worm is designed to be a proof of concept; it has bad spreading capabilities, only the necessary to be called a worm. In addition, because file annotations are only available in the full version of Acrobat, this worm will not run in Acrobat Reader.
|
|
|
|
|
|
|
