
PDF Has Fallen Victim to the Internet Worm "Peach"

August 9, 2001


Kaspersky Lab, an international data-security software developer, announces the detection of the Internet worm "Peach", which uses PDF files (Adobe Acrobat) to spread.

"Peach" is an average malicious script program written in the Visual Basic Script (VBS) programming language. Its distinctive feature is its ability to use PDF files as a carrier. This ability relies on the internal format of PDF files, which allows a malefactor to plant other types of programs, including VBS programs, inside them.

"Peach" is delivered to target computers as an e-mail attachment. The attachment's filename, as well as the message's subject and body, are randomly selected from a list contained in the worm's code. After the attachment is executed, "Peach" launches Adobe Acrobat or Adobe Acrobat Reader (if they are installed on the given computer) and shows a document with indecent content.

The PDF file invites the user to play a simple game: find a peach in the picture shown. To make it faster, the user is offered the option of clicking an embedded object to find out the answer. After the embedded object is activated, Adobe Acrobat (not Adobe Acrobat Reader, which simply has no feature for executing embedded objects) extracts the VBS code, copies it to a temporary folder and launches it. The virus code then creates a JPG file on disk and displays it using Internet Explorer. Following this, the worm tries to find its host PDF file on disk and, if it finds the file, sends it to the recipients specified in the Outlook Address Book. It is very important to mention that "Peach" does not infect other PDF files: it spreads only the host PDF file, i.e. the one the worm was launched from. The worm carries no other payload.
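A mail-gateway check for the carrier technique described above, as an added example that is not part of Kaspersky's release: it scans raw PDF bytes for the name objects the PDF specification uses for embedded files and launch actions, decoding `#xx` escapes that would otherwise hide them. The name lists, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# Name objects from the PDF specification (assumed list, not from the release).
CARRIER_NAMES = ("EmbeddedFile", "Filespec", "FileAttachment", "Launch")
ACTIVE_NAMES = ("JavaScript", "OpenAction")  # reported, but not a hold on their own

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name is "/" followed by characters that are neither whitespace nor delimiters.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")

# Constructed samples (not the worm): only the objects that matter to the check.
SAMPLE_CLEAN = b"%PDF-1.3\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SAMPLE_CARRIER = (
    b"%PDF-1.3\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /FileAttachment /FS 5 0 R >>\nendobj\n"
    b"5 0 obj\n<< /Type /Filespec /F (game.txt) /EF << /F 6 0 R >> >>\nendobj\n"
    b"6 0 obj\n<< /Type /Emb#65ddedFile /Length 5 >>\nstream\nhello\nendstream\n"
    b"endobj\n%%EOF\n"
)


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /Emb#65ddedFile is read as EmbeddedFile."""
    plain = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count carrier/active names in raw PDF bytes; empty dict means none seen."""
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF- header in the first 1024 bytes")
    counts = {}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in CARRIER_NAMES or name in ACTIVE_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


def should_quarantine(data: bytes) -> bool:
    """Hold any PDF that embeds a file or declares a launch action."""
    return any(name in CARRIER_NAMES for name in triage_pdf(data))


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("carrier", SAMPLE_CARRIER)):
        print(label, triage_pdf(sample), "hold" if should_quarantine(sample) else "pass")
```

A byte scan like this does not see names stored inside compressed object streams, so a clean result is a triage signal only; a full PDF parser is needed for a definitive answer.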

At this time, Kaspersky Lab has not received any reports from users infected by the Peach Internet worm.

A more in-depth description of the Peach Internet worm can be found in the Kaspersky Virus Encyclopedia.
