Report on new virus that travels as a PDF attachment
Apparently only works with full commercial Acrobat, not free Reader
7 August 2001
Reports began surfacing today of a possible new virus, one with a new approach to wreaking havoc -- arriving undetected as a PDF file attachment (annotation).
Dubbed the "OUTLOOK.PDFWorm" by Zulu, its apparently South American-based creator, the VBScript worm uses Microsoft Outlook to send itself in a PDF, disguised as a simple image-based game. If the user -- who must be using the full commercial Adobe Acrobat product, not the free Reader -- plays the game, trouble may follow in the form of malicious code being spread by Outlook.
Richard Smith, CTO of the Privacy Foundation, announced the discovery on several email discussion lists early today, explaining that it "uses a PDF file to bypass the new security feature of Outlook which automatically deletes dangerous file attachments. With this security feature, all VBScript attachments are deleted because they might be computer viruses. However with Zulu's trick, a malicious VBScript file can instead be hidden inside a PDF file which Outlook considers safe."
In the detailed description posted on his Web site, the creator describes his worm as a "proof of concept," basically his attempt to be the first to prove that PDF files can be used to carry viruses.
Acrobat offers several degrees of built-in protection from malicious programs within PDF files -- displaying warnings to users and allowing administrators to configure Acrobat so links are not opened automatically.
Earlier this summer, McAfee announced it had developed anti-virus support for Adobe Acrobat 5.0 to "ensure the safe exchange of PDFs across corporate networks and the Internet."