HISTARCH Archives

HISTORICAL ARCHAEOLOGY

HISTARCH@COMMUNITY.LSOFT.COM

Subject:
From:
Reply To: HISTORICAL ARCHAEOLOGY <[log in to unmask]>
Date: Fri, 11 Jun 1999 08:20:19 -0500
I can confirm that this is a real one - our office got hit yesterday.

John McCarthy

____________________Reply Separator____________________
Subject:    A real virus alert
Author: MIME:[log in to unmask]
Date:       6/10/99 9:50 PM

If you use Microsoft Outlook, Outlook Express, or Microsoft Exchange, be
aware of this and update your virus scanner's definition files.

>This is a verified virus (Worm, actually) alert.  It was verified by
>Network Associates, makers of McAfee at
>http://www.avertlabs.com/public/datafiles/valerts/vinfo/va10185.asp and by
>Symantec's Antivirus Research Center (SARC) at
>http://www.symantec.com/avcenter/venc/data/worm.explore.zip.html
>
>Both of the above pages have excellent information on this Worm.
>
>
>NEW VIRUS ALERT!!!  THIS IS NO JOKE!!
>
>IF YOU RECEIVE AN EMAIL WITH AN ATTACHMENT CALLED ZIPPED_FILES, DELETE IT
>IMMEDIATELY
>
>Information and a sample will look like this:
>
>Virus Alert: Win95.ZippedFiles (aka. Worm.ExploreZip)
>
>Name
>Win95.ZippedFiles (aka. Worm.ExploreZip)
>
>Symptoms
>The worm spreads as an attachment to an e-mail with the following message
>body:
>
>Hi <Name of Recipient>!,
>I received your email and I shall send you a reply ASAP.
>Till then, take a look at the attached zipped docs.
>bye
>
>Users receive this as a response to an e-mail they previously sent to a
>known account. The user's name is usually in the first line and the subject
>line is random, but normally the same subject as a previously sent e-mail.
>
>The e-mail contains an attachment called "zipped_files.exe" which is
>210,432 bytes in size. The attachment displayed uses a WinZip icon shown
>above, disguising itself as a self-extracting file.
>
>The worm also copies itself to the Windows System (System32 on Windows NT)
>directory with the filename "Explore.exe", and modifies the WIN.INI file
>(Windows 9x) or the registry (on Windows NT). This results in the program
>being executed each time Windows is started.
>
>In addition, when Worm.ExploreZip is executed, it searches drives C through
>Z of your computer system and selects a series of files to destroy based on
>file extensions (including .h, .c, .cpp, .asm, .doc, .xls, .ppt) by calling
>CreateFile(), and making them 0 bytes long. You may notice extended hard
>drive activity when this occurs. This can result in non-recoverable data.



Mary Ellin D'Agostino, PhD, RPA
Post-Doctoral Fellow
Archaeological Research Facility
University of California
Berkeley, CA 94720-1076
Fax: 510-643-9637
[log in to unmask]
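
A mail-filter check for the indicators listed in the quoted alert (attachment name, attachment size, message body text), as an added example that is not part of the original messages. The function names, addresses and sample message are constructed for illustration; the sample attachment is NUL padding of the stated size.

```python
# Added example: flag e-mails that match the indicators quoted in the alert.
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the quoted alert text.
ATTACHMENT_NAME = "zipped_files.exe"
ATTACHMENT_SIZE = 210_432
BODY_PHRASE = "take a look at the attached zipped docs"


def match_indicators(raw: bytes) -> list[str]:
    """Return the alert indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        # Normalise case and whitespace so line wrapping does not hide the phrase.
        text = " ".join(body.get_content().lower().split())
        if BODY_PHRASE in text:
            hits.append("body_phrase")
    for part in msg.iter_attachments():
        # The alert writes the name in both upper and lower case, so compare
        # case-insensitively.
        name = (part.get_filename() or "").strip().lower()
        if name == ATTACHMENT_NAME:
            hits.append("attachment_name")
            payload = part.get_payload(decode=True) or b""
            if len(payload) == ATTACHMENT_SIZE:
                hits.append("attachment_size")
    return hits


def build_sample(filename: str, size: int, body: str) -> bytes:
    """Constructed test message; the attachment is NUL padding, not the worm."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"        # constructed address
    msg["To"] = "recipient@example.com"       # constructed address
    msg["Subject"] = "Re: site report"        # constructed subject
    msg.set_content(body)
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

These are only the surface indicators the alert lists; updated scanner definition files, as the message advises, remain the primary control.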