Situation Overview:
On Tuesday, Aug. 7, we learned that a virus writer from South America named Zulu had created a computer virus called
OUTLOOK.PDFWorm or Peachy that uses Microsoft Outlook to send itself as an attachment to an Adobe PDF file
(the PDF file is named find.pdf , peach.pdf, findthepeach.pdf, find_the_peach.pdf, joke.pdf , or search.pdf ). If the attachment to the Adobe PDF file is opened using Acrobat 4.0 or 5.0, it will run a visual basic script (.vbs) file that will identify up to 100 contacts in the users Outlook program (after searching the address book, contact list, inbox, and sent mail) and send the virus to those contacts. At this time, we believe that this virus takes no malicious action beyond that described above.
The virus only has the potential to affect full Acrobat 4.0 or 5.0 customersit is not a threat to Acrobat ReaderĀ® users.
Full Acrobat 4.0 and 5.0 customers have several levels of protection from the virus threat.
Anti-virus vendor McAfee has informed Adobe and stated publicly that the virus is low risk. McAfee has created an update
to its software that will immediately detect and delete the virus when a full Acrobat 4.0 or 5.0 user opens the infected PDF file.
The update is immediately available to users who contact McAfee and is expected to be included in that companys regular
signature file update push on Wednesday, Aug. 15. Information about the virus is available on McAfees Web site at:
http://vil.nai.com/vil/virusSummary.asp?virus_k=99179.
Q: What protection do full Adobe Acrobat users have against this virus?
A: Adobe is committed to the security of Acrobat and PDF, and full Acrobat 4.0 and 5.0 users have protection from this
virus on several levels. Acrobat 4.0 and 5.0 launch a dialog box each time a user attempts to open an attachment alerting
them that the file may contain a harmful virus and recommending the document only be opened if the recipient is certain
the document is safe. Further, McAfee has created an update to its software that will immediately detect and delete the
virus when a full Acrobat 4.0 or 5.0 user opens the infected PDF file. The update is immediately available to users who
contact McAfee (at: virus_research@nai.com) and is expected to be included in that companys regular signature file
update push on Wednesday, Aug. 15. Information about the virus is available on McAfees Web site at:
http://vil.nai.com/vil/virusSummary.asp?virus_k=99179. Finally, Acrobat 5.0 users have the option to automatically
delete all file attachments received in PDF documents (Tools>PDF Consultant>Detect & Remove>Deselect External
Cross References).
Q: Is the Portable Document Format (PDF) susceptible to computer viruses?
A: No. Only files attached to PDF documents can carry viruses.
Q: What versions of full Acrobat are affected?
A: Acrobat 4.0 and 5.0 are susceptible to this virus. While Acrobat 3.0 provided the capability to send and receive file
attachments, the mechanism in that version was architecturally different and is not susceptible to this virus.
Q: Are Acrobat Reader users susceptible to this virus threat (can Acrobat Reader carry file attachments)?
A: No. Acrobat Reader users are not susceptible to this virus. Acrobat Reader does not include the code needed to recognize
file attachments. This virus only has the potential to affect full Acrobat 4.0 and 5.0 users and there are several levels of
protection in place for those customers.
Q: Is Acrobat eBook Reader susceptible to this virus?
A: No. Adobe eBooks are not susceptible to viruses of this type. Acrobat eBook Reader does not include the code needed to
recognize/read file attachments.
Q: What impact have the two recent security issues (Peachy virus and Elcomsoft) had on
Acrobat and Adobe PDF?
A: No software application is completely immune to the malicious intent of hackers, and Adobe products are no exception.
With that said, we are committed to the security of Acrobat and PDF, and we use (and will continue to use) industry standard practices in the development of these technologies.