[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[escepticos] Virus de Acrobat

To: escepticos en ccdis.dis.ulpgc.es
Subject: [escepticos] Virus de Acrobat
From: LAGAMEZ <LAGAMEZ@...>
Date: Fri, 10 Aug 2001 11:42:07 +0100
Reply-to: escepticos en ccdis.dis.ulpgc.es
Sender: owner-escepticos en dis.ulpgc.es

No sé si ya se 
ha dado este 
enlace. Por si 
acaso, os lo 
mando.

http://www.cnn.
com/2001/TEC
H/internet/08/09
/pdf.virus.idg/in
dex.html


New virus 
spreads using 
Acrobat files

By Hector 
Calabia

(IDG) -- A 
worm that 
infects PDF files 
used by Adobe 
Systems' 
Acrobat 
software was 
identified 
Tuesday, 
according to 
two security 
organizations.

The worm 
appeared on 
Tuesday 
morning and has 
been analyzed 
by Bernardo 
Quinteros, head 
of the 
Madrid-based 
security firm 
HispaSec 
Sistemas and 
Richard M. 
Smith, chief 
technical officer 
of the 
U.S.-based 
Privacy 
Foundation. 

"Even 
considering that 
it is a 
just-created 
laboratory virus, 
this is like a 
seed of an 
upcoming 
deluge of 
viruses of the 
same kind in 
PDF files, a 
format 
considered safe 
up to now," said 
Quinteros.

The virus is 
called 
"Outlook.pdf," 
and it is 
considered 
"experimental," 
with a small 
capacity to 
infect, Quinteros 
said.
In order to 
spread itself, the 
virus uses 
Adobe Acrobat 
and functions of 
Microsoft's 
Outlook that 
have never been 
used before. 
According to 
both 
researchers, the 
worm uses 
Outlook to send 
itself hidden in a 
PDF file. When 
opened using 
Acrobat, the file 
launches a game 
that prompts the 
user to click on 
the image of a 
peach. After the 
user clicks on 
the image, a 
Visual Basic 
script is run and 
the virus gets 
activated, they 
said.

The virus 
spreads itself 
using all the 
addresses from 
the e-mails in 
any Outlook 
folder, not just 
the program's 
Address Book, 
and it will send 
itself in a PDF 
file, disguising 
itself by 
changing the 
e-mail's subject, 
body and 
attachment lines 
every time, they 
said.

The worm was 
developed by 
"Zulu," an 
Argentine 
hacker 
well-known in 
the virus 
underground as 
a prolific 
innovator. He 
also created the 
"Bubble Boy," 
"Freelinks," 
"The Fly," 
"Monopoly," 
and 
"Life_Stages" 
viruses, 
according to 
Quinteros. 

Zulu created it 
as a "proof of 
concept," to 
prove that 
Adobe Acrobat 
files can be virus 
carriers, and it 
has not been 
optimized for 
mass 
distribution, 
Quinteros said. 
The worm 
requires the 
presence of 
both Outlook 
and the full 
Acrobat 
program, not 
just the Reader, 
the free utility 
that most users 
have installed. 

"There has been 
very little public 
discussion of 
Adobe Acrobat 
security issues 
as far as I can 
tell. Since PDF 
files are 
considered safe 
by Internet 
Explorer, it 
means that 
Acrobat 
security holes 
are easy to 
exploit from 
Web pages and 
HTML e-mail 
messages," the 
Privacy 
Foundation's 
Smith said in an 
e-mail exchange 
with the IDG 
News Service. 

Zulu told 
Quinteros in a 
previous 
interview that he 
creates worms 
just for fun. He 
finds it an 
educational 
experience, 
does not feel 
guilty about 
doing it and his 
actions are not 
considered a 
crime under 
Argentine law 
yet. The worms 
written by Zulu 
do not usually 
carry a 
dangerous 
payload by 
themselves, 
although they 
can be adapted 
and made 
malicious by 
others, 
according to 
Quinteros.

 
____________
____________
____________
____________
____________
_______ 
Consigue tu 
e-mail gratuito 
TERRA.ES
 Haz clic en 
http://www.terra
.es/correo/

Follow-Ups:
- Re: [escepticos] Virus de Acrobat
  - From: Elisenda Font <elisenda-roger@...>

Prev by Date: Re: Re[2]: [escepticos] **Mas sobre el probable virus de PDF
Next by Date: Re: Re[2]: [escepticos] **Mas sobre el probable virus de PDF
Previous by thread: [escepticos] Re: [escepticos] RE: [escepticos] "El fracaso de la matemática moderna"
Next by thread: Re: [escepticos] Virus de Acrobat
Index(es):
- Date
- Thread