Date: Thu, 30 Aug 2001 13:39:56 -0700
Reply-To: Ari Ollikainen <Ari@OLTECO.COM>
Sender: Vanagon Mailing List <vanagon@gerry.vanagon.com>
From: Ari Ollikainen <Ari@OLTECO.COM>
Subject: Re: virus from vanagon list
In-Reply-To: <3B8E8975.D805DCCD@mindspring.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
At 11:44 AM -0700 8/30/01, T Berk wrote:
>gary hradek wrote:
> >
> > I too received the gift from some list member, a
> > ????.exe file. I did not open it as I am suspicious
> > of most exe or vob files coming from the list. May
> > we as list member have an agreement not to send "exe"
> > or "vob" files by way of the vanagon list.
> > That way when it happens we know to avoid them.
> > Web addresses and "most" pdf files should be safe and
> > I feel are required in many cases.
>
>PDFs are not safe anymore either.
>
YAWN...rumor mongering... Here's the IMPORTANT info (if you're
interested in the mechanism, otherwise skip to BOTTOM LINE):
"...When the file is opened using Acrobat, it shows an image
with a small game. To find out the solution to the game, the
user has to double click a file annotation, which after a
warning will run a VBS, VBE or WSF file. The VBScript file
will then create and show a JPG file with the solution to the
game and will try to find the PDF file to spread it.
AND:
"...It uses OUTLOOK to send itself in a PDF (portable document
format) file (first using this file type). When opened using
Acrobat it will show an image with a minor game. Showing the
solution to this game involves doing a double click to a file
annotation, which after a warning will run a VBS, VBE or WSF
file (depending of the worm version).
The VBScript file will create and show a JPG file with the solution
to the game and it will try to find the PDF file to spread it. This
is necessary because when the link is used, Acrobat will create the
VBS, VBE or WSF file in Windows' temporary directory and it will
run this file, so this VBScript file doesn't know the path of the
PDF file to spread...."
BOTTOM LINE: It requires the presence of BOTH Outlook and the FULL
Acrobat program, not just the Reader, the free utility that most
users have installed...
CURE: Don't respond to strange things that happen when opening a
document in **Acrobat**.
more info at: http://www.coderz.net/zulu/outlook.pdfworm.txt