Date: Thu, 9 Aug 2001 08:48:41 -0400
Reply-To: "Miller, Jeremy T." <zyp9@CDC.GOV>
Sender: "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From: "Miller, Jeremy T." <zyp9@CDC.GOV>
Subject: OT: More reactions to Skylarov
Content-Type: text/plain; charset="ISO-8859-1"
** Not Everything Is Peachy With PDFs
Security firm Vigilinx Inc. is alerting customers of a first-ever
worm that replicates using an Adobe portable document format
(PDF). The PeachyPDF@mm worm mass mails itself through Microsoft
Outlook. Not only does it send itself to 100 addresses from an
infected users' address book, it also sends itself to the users'
alternative E-mail addresses.
Jerry Freese, chief intelligence officer at Vigilinx, says the
worm was coded by a hacker known as "Zulu," who also wrote the
first E-mail worm BubbleBoy. "This guy is no script kid; he is an
actual virus writer," says Freese. A user who opens a Peachy PDF
sees a document that reads "You have one minute to find the
peach!" An icon requests users to double click on an icon to
"show the solution." If the user does so, and is running the full
version of Adobe Acrobat--not just the reader--the worm
Freese theorizes that the worm is a protest of the recent arrest
of the hacker Dmitry Skylarov at this year's BlackHat/Defcon 9
conference. Skylarov was arrested for violating the Digital
Millennium Copyright Act. He was going to deliver a presentation
about reverse engineering Adobe E-books. "There are a lot of
upset hackers about this," says Freese. He stresses that the only
danger is jammed E-mail servers: Peachy doesn't pack a powerful
payload. According to Vigilinx, users can download the latest
virus definitions from Symantec, McAfee, and Central Command.
For more on this topic, read