Try again?
-----Original Message-----
From: L-Soft list server at St. John's University (1.8c)
Sent: Friday, June 11, 1999 9:09 AM
To: I. Stephen Margolis
Subject: Rejected posting to [log in to unmask]
Your message cannot be distributed to the C-PALSY list because it exceeds
the
maximum message size of 600 lines. This limit has been set by the list
owner
and does not necessarily apply to the other lists hosted
at
MAELSTROM.STJOHNS.EDU. If you have any question, please contact the list
owner,
who can be reached at [log in to unmask]
From: "I. STEPHEN MARGOLIS" <[log in to unmask]>
To: "St. John's University Cerebral Palsy List"
<[log in to unmask]>
Subject: FW: VIRUS ALERT
Date: Fri, 11 Jun 1999 09:07:45 -0400
These virii (Had to say that Derri Flower.) are getting interesting. What
kind of person takes the time and effort to do this stuff?
Stay vigilant.
ism
-----Original Message-----
From: RBL [mailto:[log in to unmask]]
Sent: Thursday, June 10, 1999 2:38 PM
To: Recipient list suppressed
Subject: PCA: VIRUS ALERT
Importance: High
-= via RBL's PC ALERT http://www.RBLevin.net
[x] News
Source: RBL
REMINDER: NEVER OPEN FILE ATTACHMENTS IN E-MAIL. SCAN THEM WITH AN ANTIVIRUS
FIRST.
Certain members of this list are infected with a new Internet worm,
discovered by antivirus researchers on 6/6/99. How do I know? My list
server has received auto-replies back from some users, and the worm was
attached.
If you receive the following e-mail message or something similar, even if it
is from someone you know, do NOT run the attachment. If you do, you will be
infected.
Hi !
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
bye.
<<zipped_files.exe>>
zipped_files.exe
WHAT TO DO:
- If you have not updated your antivirus software, it will not detect this
worm. UPDATE your antivirus software immediately, and scan your system.
- If you are not using antivirus software, GET one here:
http://www.sarc.com. Then scan your system immediately.
More information here:
http://www.sarc.com/avcenter/venc/data/worm.explore.zip.html
Basic information:
Virus Name: Worm.ExploreZip
Aliases: W32.ExploreZip Worm
Infection Length: 210,432 bytes
Area of Infection: C:\Windows\System\, Email Attachments
Likelihood: Common
Detected as of: June 6, 1999
Characteristics: Worm, Trojan Horse
Description:
Worm.ExploreZip is a worm that contains a malicious payload. The worm
utilizes MAPI commands and Microsoft Outlook on Windows systems to propagate
itself. Worm.ExploreZip was first discovered in Israel and submitted to the
Symantec AntiVirus Research Center on June 6, 1999.
The worm e-mails itself out as an attachment with the filename
"zipped_files.exe". The body of the e-mail message may appear to come from a
known e-mail correspondent, and contains the following text:
Hi Receipient Name!
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
bye
The worm determines whom to mail this message to by going through your
received messages in your Inbox. Once the attachment is executed, it may
display the following window:
The worm then proceeds to copy itself to the c:\windows\system directory
with the filename "Explore.exe", and then modifies the WIN.INI file so the
program is executed each time Windows is started. The worm then utilizes
your e-mail client to harvest e-mail addresses in order to propagate itself.
You may notice your e-mail client start when this occurs.
Payload:
In addition, when Worm.ExploreZip is executed, it searches drives C through
Z of your computer system and selects a series of files to destroy based on
file extensions (including .h, .c, .cpp, .asm, .doc, .xls, .ppt) by making
them 0 bytes long. This can result in non-recoverable data.
|