PDF Has Fallen Victim to the Internet Worm "Peach"

August 9, 2001

Kaspersky Labs, an international data-security software developer, announces the detection of the Internet worm "Peach" that utilizes PDF files (Adobe Acrobat) for spreading. "Peach" is an average malicious script program written in Visual Basic Script (VBS) programming language. Its distinctive...

Kaspersky Lab, an international data-security software developer, announces the detection of the Internet worm "Peach" that utilizes PDF files (Adobe Acrobat) for spreading.

"Peach" is an average malicious script program written in Visual Basic Script (VBS) programming language. Its distinctive feature is the ability for using PDF-files as a carrier. This ability is based on the PDF-files internal format, which enables a malefactor to plant in PDF-files other types of programs, including VBS-programs.

"Peach" is delivered to the target computers in form of attachment of an e-mail message. The attachment's filename, as well as the message's subject and body are randomly selected from a list contained in the worm's code. After the attachment is executed "Peach" launches ADOBE acrobat or Adobe Acrobat Reader (in case they are installed on the given computer) and shows the document with indecent content:

The PDF-file offers a user a user to play a simple game stored and find a peach in the shown picture. To make it faster a user is offered to click on an embedded object and find out the answer. After the embedded object is activated, the Adobe Acrobat (not Adobe Acrobat Reader - this software simply has no features to execute embedded objects) program extracts the VBS code, copies it to a temporary folder and launches it. The virus code then creates a JPG file on a disk and displays it using Internet Explorer. Following this, the worm tries to find its host PDF file on a disk, and if it finds the file, the worm sends it to recipients specified in the Outlook Address Book. It is very important to mention that "Peach" does not infect other PDF-files. It spreads only the host PDF-file, i.e. the one the worm was launched from. The worm carries no other payload.

At this time, Kaspersky Lab has not received any messages from users having been infected by the Peach Internet-worm.

A more in-depth description of the Peach Internet worm can be found in the Kaspersky Virus Encyclopedia.

PDF Has Fallen Victim to the Internet Worm "Peach"

Kaspersky

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

PDF Has Fallen Victim to the Internet Worm "Peach"

PDF Has Fallen Victim to the Internet Worm "Peach"

About Kaspersky

Related Articles Press Releases

Dangerous Loki backdoor discovered: Kaspersky experts identify agent in Russian company cyberattacks

DIY Ransomware: novice cybercriminals bigger threat thanks to off-the-shelf code

Kaspersky identifies new APT group targeting Russian government entities

SMB cyber infections rising amid resurgence of attacks leveraging Microsoft Excel, Kaspersky reports

Every third cyber incident was due to ransomware, Kaspersky reports

Global mobile banking malware grows 32 percent in 2023

Turkey, Russia, Southeast Asia and Latin America hit by Android threats, Kaspersky identifies

‘Coyote’ ugly: Kaspersky unveils banking trojan targeting over 60 institutions

New cross-platform threats uncovered by Kaspersky

Kaspersky reveals advanced tactics in cyber espionage campaigns using MATA toolset