Re: Adobe put Trojan horse in Acrobat.

[rxvt10 () EMAIL SPS MOT COM (David Carter)]

An important addition to the Acrobat question, issued by the NTBugtraq
moderator shortly after the original claim was posted:

-----------------begin quoted message----------------------

Interim Update:

James is in a seminar today, and while I was able to drag him out of it
long enough to ask a few questions, some will remain unanswered until
tomorrow (when he can get to the source messages he has).

- They found NetBusPro.dr in a pre-released version of Adobe Acrobat
Reader 4.0
- They reportedly got a response from Adobe indicating it had been put
there, and that "nobody has reported it to cause any problems".

When I spoke to Adobe Customer Service, they could not find any
reference to NetBus being included, officially, in any of their Acrobat
released products.

Several posters have stated they do not find NetBus when scanning with
McAfee (various versions) against the released Adobe Acrobat 4.0 package
(note, I don't believe this is the same package James was referring to).

I received a message from one poster that included a snippet of a
message he received from a member of the anti-virus research community
within which, was a supposed response from McAfee. McAfee was supposedly
acknowledging that this was a false detection within their 4.0.4017 .DAT
file. The response said that this would be fixed "in a future update of
the .DAT files).

I downloaded and checked the McAfee 4.0.4019 .DAT file WhatsNew.txt
file, but it makes no mention of any false detection, or whether or not
its been corrected. James has not scanned it with 4.0.4019 so cannot say
if it has, in fact, disappeared or not.

My apologies for how long this response has taken. James' message caused
a flood of responses and I had hoped to get him to give us some more
facts. It took me a while to track down his pager number (ain't social
engineering fun!), hence the delay.

I have messages into the senior researchers at NAI, but as yet they
haven't responded either. Without accurate info about precisely where
James got precisely what, its hard to ask Adobe many more questions than
I already have. I truly goofed in sending this one out without a little
more clarification in advanced...tsk, tsk...

More when something useful arises.

Cheers,
Russ - NTBugtraq moderator

------------------end quoted message-----------------------

Forgive the length of the quote, but, considering the content, it seems
justified.

--Dave

-=-=-=-=-=-=-=-=-=-=
Dave Carter
Manager, Data Systems
Global Security Technical Operations
Motorola