[SGVLUG] Probably OT, but is there a new virus transport being expoited?

Zack, James JZack at unex.ucla.edu
Sun Jul 1 08:53:22 PDT 2007


I have seen a upswing in these sorts of single pdf attachment, no text in the message emails.  They are ordinary PDF files as far as I can tell.  The PDF file itself contains a pennystock spam message, so it could just be yet another attempt to bypass spam filters (it was caught by my barracuda however).
 
I still use Acrobat 6, and deplore Acrobat 7 and 8 so your statement likely holds true for what I run.

________________________________

From: sgvlug-bounces at sgvlug.net on behalf of Tom Emerson
Sent: Sat 6/30/2007 11:01 AM
To: SGVLUG Discussion List.
Subject: [SGVLUG] Probably OT,but is there a new virus transport being expoited?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I seem to have received a rash of e-mails with a subject of
"<randomword>.pdf", and the e-mail itself consists of just a pdf file.
I did some checking, and it seems in 2001, some guy who goes by the name
of "zulu" wrote a proof-of-concept virus for pdf's dubbed "peachy" --
the document was benign for normal users (i.e., anyone using the free
/reader/ program) and had to be actively executed by users of the adobe
pdf /authoring/ software -- you had to click a link in the document to
execute some arbitrary/attached VBscript code.  This code, of course,
remailed itself to 100 of your closest friends...

The comments from Adobe at the time were "in order for this to affect
the free reader program, we'd have to add code to read arbitrary
embedded files within a document, and we're /not likely/ do that..."

OK, so it's six years later -- has the unlikely happened?

- --
Top o' the Blog: And you thought <i>you</i> were the king of leisure time?
http://osnut.homelinux.net/mtblog/ya_index.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org <http://enigmail.mozdev.org/> 

iD8DBQFGhppxV/YHUqq2SwsRApVXAJ98LPZS2lb6PBwxoyNnxBnD96MxeQCbB9kh
Zz7RH6cIXgXfilKhfj1Ibv0=
=PXbc
-----END PGP SIGNATURE-----


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 4984 bytes
Desc: not available
Url : http://www.sgvlug.net/pipermail/sgvlug/attachments/20070701/db91193c/attachment.bin


More information about the SGVLUG mailing list