[LINK] Re: [Fwd: Adobe PDF files can be used as virus carriers]

From: Grant Bayley (gbayley@ausmac.net)
Date: Wed Aug 08 2001 - 16:13:46 EST


To summarise all this down to a couple of points:

* PDF files carrying attachments represent a new "trojan horse" inside
which potentially malicious attachments can be carried.

* The problem described below only applies to the commercial Acrobat
product - not the free and much more prevalent Acrobat Reader.

My take on it is as follows:

While other means of separating a viral payload from the vector used to
transmit it are known and easily "doable", the same may not apply to
potentially "protected" formats such as PDF.

In the case of a virus attached to an email, the virus can be gotten to
and scanned simply by decoding the MIME-encoded contents of the email.
This might be done by an email server, a firewall, or by virus software
on the user's own computer. In the case of a virus attached to a PDF
document, email servers and firewalls won't (currently) be able to see
the virus and scan for it, nor will in some cases the virus scanners on
people's own computers.

It gets even muddier if we consider a "copy protected" PDF document - the
virus scanner might not even get remotely close to seeing the virus
before the user executes it because of the flaming hoops being jumped
through to authenticate the user and/or decrypt the PDF.

Overall, while it's "just another virus", the disturbing thing about it is
that in the name of "copy protection" and "enhanced workflow", Adobe might
have unintentionally opened a nice, secure path for viruses to enter
computers.

Grant

On Wed, 8 Aug 2001, Robin Whittle wrote:

> ====================================================================
>
> http://www.coderz.net/zulu/outlook.pdfworm.txt
>
> Virus Name: OUTLOOK.PDFWorm
> Author: Zulu
> Origin: Argentina
>
> VBScript worm. It uses OUTLOOK to send itself in a PDF (portable
> document format) file (first using this file type).

[snip]
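
Added example, not part of the original message: a minimal Python sketch of the extra unpacking step a mail gateway needs after MIME decoding before a scanner can see a file attached inside a PDF, and of reporting an encrypted PDF as uninspectable. The function names, the constructed sample message and the regex-based parsing (which ignores object streams and incremental updates) are assumptions for illustration.

```python
import re
import zlib
from email import message_from_bytes
from email.message import EmailMessage

INNER = b"constructed harmless stand-in for an attached file\n"
# One PDF object carrying a stream: "obj << dict >> stream\n<data>\nendstream"
OBJ_STREAM = re.compile(rb"obj\s*(<<.*?>>)\s*stream\r?\n(.*?)\nendstream", re.S)

def pdf_embedded_payloads(pdf: bytes):
    """Return (status, payloads) for one PDF held in memory."""
    if b"/Encrypt" in pdf:  # streams are ciphertext: nothing to hand to a scanner
        return "encrypted-uninspectable", []
    if b"/EmbeddedFile" not in pdf:  # also matches the /EmbeddedFiles name tree
        return "no-attachments", []
    payloads = []
    for chunk in pdf.split(b"endobj"):
        m = OBJ_STREAM.search(chunk)
        if not m or b"/EmbeddedFile" not in m.group(1):
            continue
        body = m.group(2)
        if b"/FlateDecode" in m.group(1):
            body = zlib.decompressobj().decompress(body)  # tolerates a trailing CR
        payloads.append(body)
    return "attachments-found", payloads

def scan_message(raw: bytes):
    """MIME-decode every part, then look inside any part that is a PDF."""
    findings = []
    for part in message_from_bytes(raw).walk():
        data = part.get_payload(decode=True)  # undoes base64/quoted-printable
        if data and data.lstrip().startswith(b"%PDF-"):
            findings.append((part.get_filename(), *pdf_embedded_payloads(data)))
    return findings

def build_sample(encrypted: bool = False) -> bytes:
    """Constructed test message: one PDF with one Flate-compressed attachment."""
    packed = zlib.compress(INNER)
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> >>\n"
           b"endobj\n3 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode /Length "
           + str(len(packed)).encode() + b" >>\nstream\n" + packed + b"\nendstream\nendobj\n")
    if encrypted:
        pdf += b"trailer\n<< /Encrypt 9 0 R >>\n"
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(pdf + b"%%EOF\n", maintype="application", subtype="pdf",
                       filename="sample.pdf")
    return msg.as_bytes()
```

Each payload returned by `scan_message(build_sample())` is what would be passed on to the virus scanner; the `encrypted-uninspectable` status is the case where a gateway has to apply policy instead of scanning.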


