Not Everything Is Peachy With PDFs

The security firm Vigilinx Inc. is alerting customers of a first-ever worm that replicates using an Adobe portable document format (PDF). The PeachyPDF@mm worm mass mails itself through Microsoft Outlook. Not only does it send itself to 100 addresses from an infected users' address book, it also sends itself to the users' alternative E-mail addresses.

Jerry Freese, director of intelligence, at Vigilinx, says the worm was coded by "Zulu," who also wrote the first E-mail worm BubbleBoy. "This guy is no script kid; he's an actual virus writer," says Freese.

A user who opens a Peachy PDF sees a document that reads "You have one minute to find the peach!" An icon requests users to double click on the icon to "show the solution." If the user does so, and is running the full version of Adobe Acrobat--not just the reader--the worm propagates.

Freese theorizes that the worm is a protest of the recent arrest of the hacker Dmitry Skylarov at this year's BlackHat/Defcon 9 conference. Skylarov was arrested for violating the Digital Millennium Copyright Act. He was going to deliver a presentation about reverse engineering Adobe E-books. "There are a lot of upset hackers about this," says Freese.

Freese stresses that the only danger is jammed E-mail servers: Peachy doesn't pack a powerful payload. According to Vigilinx, users can download the latest virus definitions from Symantec, McAfee, and Central Command.