0 Replies Latest reply on Aug 15, 2001 11:05 AM by (Chris_Holm)

    ANNOUNCEMENT: PDF Attachment Virus "Peachy"

      Situation Overview:
      On Tuesday, Aug. 7, we learned that a virus writer from South America named Zulu had created a computer virus called
      OUTLOOK.PDFWorm or Peachy that uses Microsoft Outlook to send itself as an attachment to an Adobe PDF file
      (the PDF file is named find.pdf , peach.pdf, findthepeach.pdf, find_the_peach.pdf, joke.pdf , or search.pdf ). If the attachment to the Adobe PDF file is opened using Acrobat 4.0 or 5.0, it will run a visual basic script (.vbs) file that will identify up to 100 contacts in the users Outlook program (after searching the address book, contact list, inbox, and sent mail) and send the virus to those contacts. At this time, we believe that this virus takes no malicious action beyond that described above.


      The virus only has the potential to affect full Acrobat 4.0 or 5.0 customersit is not a threat to Acrobat Reader® users.
      Full Acrobat 4.0 and 5.0 customers have several levels of protection from the virus threat.


      Anti-virus vendor McAfee has informed Adobe and stated publicly that the virus is low risk. McAfee has created an update
      to its software that will immediately detect and delete the virus when a full Acrobat 4.0 or 5.0 user opens the infected PDF file.
      The update is immediately available to users who contact McAfee and is expected to be included in that companys regular
      signature file update push on Wednesday, Aug. 15. Information about the virus is available on McAfees Web site at:

      http://vil.nai.com/vil/virusSummary.asp?virus_k=99179.


      Q: What protection do full Adobe Acrobat users have against this virus?

      A: Adobe is committed to the security of Acrobat and PDF, and full Acrobat 4.0 and 5.0 users have protection from this
      virus on several levels. Acrobat 4.0 and 5.0 launch a dialog box each time a user attempts to open an attachment alerting
      them that the file may contain a harmful virus and recommending the document only be opened if the recipient is certain
      the document is safe. Further, McAfee has created an update to its software that will immediately detect and delete the
      virus when a full Acrobat 4.0 or 5.0 user opens the infected PDF file. The update is immediately available to users who
      contact McAfee (at: virus_research@nai.com) and is expected to be included in that companys regular signature file
      update push on Wednesday, Aug. 15. Information about the virus is available on McAfees Web site at:

      http://vil.nai.com/vil/virusSummary.asp?virus_k=99179. Finally, Acrobat 5.0 users have the option to automatically
      delete all file attachments received in PDF documents (Tools>PDF Consultant>Detect & Remove>Deselect External
      Cross References).


      Q: Is the Portable Document Format (PDF) susceptible to computer viruses?

      A: No. Only files attached to PDF documents can carry viruses.


      Q: What versions of full Acrobat are affected?

      A: Acrobat 4.0 and 5.0 are susceptible to this virus. While Acrobat 3.0 provided the capability to send and receive file
      attachments, the mechanism in that version was architecturally different and is not susceptible to this virus.


      Q: Are Acrobat Reader users susceptible to this virus threat (can Acrobat Reader carry file attachments)?

      A: No. Acrobat Reader users are not susceptible to this virus. Acrobat Reader does not include the code needed to recognize
      file attachments. This virus only has the potential to affect full Acrobat 4.0 and 5.0 users and there are several levels of
      protection in place for those customers.


      Q: Is Acrobat eBook Reader susceptible to this virus?

      A: No. Adobe eBooks are not susceptible to viruses of this type. Acrobat eBook Reader does not include the code needed to
      recognize/read file attachments.


      Q: What impact have the two recent security issues (Peachy virus and Elcomsoft) had on
      Acrobat and Adobe PDF?

      A: No software application is completely immune to the malicious intent of hackers, and Adobe products are no exception.
      With that said, we are committed to the security of Acrobat and PDF, and we use (and will continue to use) industry standard practices in the development of these technologies.