LISTSERV at the University of Georgia
Menubar Imagemap
Home Browse Manage Request Manuals Register
Previous messageNext messagePrevious in topicNext in topicPrevious by same authorNext by same authorPrevious page (August 2001, week 2)Back to main SAS-L pageJoin or leave SAS-L (or change settings)ReplyPost a new messageSearchProportional fontNon-proportional font
Date:         Thu, 9 Aug 2001 08:48:41 -0400
Reply-To:     "Miller, Jeremy T." <zyp9@CDC.GOV>
Sender:       "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From:         "Miller, Jeremy T." <zyp9@CDC.GOV>
Subject:      OT: More reactions to Skylarov
Content-Type: text/plain; charset="ISO-8859-1"

** Not Everything Is Peachy With PDFs

Security firm Vigilinx Inc. is alerting customers of a first-ever worm that replicates using an Adobe portable document format (PDF). The PeachyPDF@mm worm mass mails itself through Microsoft Outlook. Not only does it send itself to 100 addresses from an infected users' address book, it also sends itself to the users' alternative E-mail addresses.

Jerry Freese, chief intelligence officer at Vigilinx, says the worm was coded by a hacker known as "Zulu," who also wrote the first E-mail worm BubbleBoy. "This guy is no script kid; he is an actual virus writer," says Freese. A user who opens a Peachy PDF sees a document that reads "You have one minute to find the peach!" An icon requests users to double click on an icon to "show the solution." If the user does so, and is running the full version of Adobe Acrobat--not just the reader--the worm propagates.

Freese theorizes that the worm is a protest of the recent arrest of the hacker Dmitry Skylarov at this year's BlackHat/Defcon 9 conference. Skylarov was arrested for violating the Digital Millennium Copyright Act. He was going to deliver a presentation about reverse engineering Adobe E-books. "There are a lot of upset hackers about this," says Freese. He stresses that the only danger is jammed E-mail servers: Peachy doesn't pack a powerful payload. According to Vigilinx, users can download the latest virus definitions from Symantec, McAfee, and Central Command.

For more on this topic, read Full Disclosure

Back to: Top of message | Previous page | Main SAS-L page