
FW: - VIRUS ALERT!






Don't know if this was posted since I haven't received anything from the
list today.  In case it was posted, I apologize.  It looks like a different
one than the one from a day or two ago.

Guy


-----Original Message-----
From: owner-SysWorks-Techinfo-l@xxxxxxxxxxxxxxxxxxxx
[mailto:owner-SysWorks-Techinfo-l@xxxxxxxxxxxxxxxxxxxx]On Behalf Of Symantec
News Bulletins
Sent: Friday, December 03, 1999 6:09 PM
To: SYSWORKS-TECHINFO-L@xxxxxxxxxxxxxxxxxxxx
Subject: - VIRUS ALERT!

The following is a copy of Norton AntiVirus Alert we sent
out earlier today December 3, 1999. It contains urgent virus
information that could be of interest to you.


=============================================================
** NORTON ANTIVIRUS EMERGENCY NEWS BULLETIN - VIRUS ALERT! **
=============================================================

December 3, 1999
_____________________________

WARNING! New Y2K virus spreads through email!

W32.Mypics.Worm is a new, destructive Y2K worm virus. It comes into
your system as an email attachment disguised as a picture. The worm
propagates automatically on Windows 9x and Windows NT platforms and
has a destructive payload that triggers in the year 2000. It also
changes the Home page in Internet Explorer to a site containing adult
content.

*** THIS VIRUS SHOULD BE CONSIDERED DANGEROUS!

Do NOT open an email attachment named Pics4You.exe. ***

To ensure that your system is protected against this new virus, you
must update your detection definitions.

*** Monitor the site

http://www.symantec.com/techsupp/vURL.cgi/nav23

for notice when the virus definitions have been updated and for full
details on this destructive virus. ***

W32/MYPICS.WORM Y2K VIRUS DESCRIPTION:

*       A new, destructive Y2K virus has been discovered that disguises
itself as a Y2K problem.  W32/Mypics.worm is a computer worm that is
received as an email attachment disguised as a picture.

*       Once it infects the host computer it attempts to send itself
using Microsoft Outlook to up to 50 people in the user's Microsoft
Outlook address book. It also changes the Home page in Internet
Explorer to a site containing adult content.

*       Additionally, on Jan.1, 2000, the worm will overwrite the
checksum data in the host computer's CMOS memory so when the system
is rebooted the user will think that there may be a Y2K related
problem with the computer's BIOS.  Once the computer is restarted the
virus will attempt to format the local hard drives and erase all data.

CHARACTERISTICS OF INFECTION:

*       W32/Mypics.worm arrives in an e-mail, with no subject line. The
body of the message reads, "Here's some pictures for you!"  The
e-mail message contains a "Pics4You.exe" attachment that is
approximately 34,304 bytes in size.

*       Once the user opens the attachment, the worm loads itself into
memory and executes by sending out copies of itself attached to
e-mails addressed to up to 50 people in the user's address list.

*       In addition, it modifies the system registry to load its dropped
file "cbios.com" on system startup and also changes the user's home
page in Internet Explorer to

http://www.geocities.com/SiliconValley/Vista/8279/index.html

a site that contains some adult content.

*   On Jan. 1, 2000 or on any day during the year 2000, the worm
writes to the computer's CMOS memory to invalidate the system
integrity or checksum data. The next time the system is rebooted, the
user will be warned that the "CMOS checksum is invalid," making the
user believe that it is a Y2K problem, not a computer worm.  After
validating the CMOS data the computer will continue to boot and if
the file 'cbios.com' is located in the root directory of the C drive,
the virus will silently load itself and then completely reformat the
D: and C: local hard drives.

VIRUS RATING:

Medium/High Risk


RECOMMENDATIONS/PROTECTION:

*       Do not attempt to open the attached document.

*       Download new definitions set. This will be available late
December 3, 1999, through Symantec's LiveUpdate feature or from the
Symantec Web site at www.symantec.com/avcenter/download.html. Update
virus anti-virus software to ensure protection against both variants.


****


1.  Year 2000: Is this product Year 2000 compliant?
2.  Subscribing and unsubscribing
3.  Disclaimer
_____________________________

NOTE:
This is an outgoing email address. Please do not reply to this email
message. If you require assistance installing, configuring, or
troubleshooting a Symantec product, or you have a question for
Symantec Customer Service, please visit the Symantec Service &
Support Web site at the following address:

http://www.symantec.com/techsupp/

Select your product and version and click Go.

____________

To view this News Bulletin in HTML format:

To see an HTML version of this newsletter, please visit the following
Internet web site:

http://www.symantec.com/techsupp/vURL.cgi/nav22
_____________________________

1.  Year 2000: Is this product Year 2000 compliant?

For more details on this question, point your browser to the
following Internet address:

http://www.symantec.com/y2k/y2k.html

_______________________________


2.  Subscribe or unsubscribe

If you would like to subscribe to other Symantec newsletters, please
visit the following web site and follow the appropriate instructions:

http://www.symantec.com/techsupp/bulletin/index.html

If you no longer want to receive this newsletter, let us know by
following these steps:

  1. Create a new email addressed to:

          listserv@xxxxxxxxxxxxxxxxxxxxx

  2. In the Subject line of your email software, type the following:

          unsubscribe

  3. In the body of the message, type the following:

          SIGNOFF NAV-TECHINFO-L

  4. Send the message.

If you would like to unsubscribe from other Symantec newsletters,
please visit the following web site and follow the appropriate
instructions:

http://www.symantec.com/techsupp/bulletin/index.html

_____________________________

3.  Disclaimer

THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY

This message contains Symantec Corporation's current view of the
topics discussed as of the date of this document. The information
contained in this message is provided "as is" without warranty of any
kind, either expressed or implied, including but not limited to the
implied warranties of merchantability, fitness for a particular
purpose, and freedom from infringement. The user assumes the entire
risk as to the accuracy and the use of this document. This document
may not be distributed for profit.

Symantec and the Symantec logo are U.S. registered trademarks of
Symantec Corporation. LiveAdvisor is a trademark of Symantec
Corporation. Other brands and products are trademarks of their
respective holder(s).

(c) Copyright 1999 Symantec Corporation. All rights reserved.
Materials may not be published in other documents without the
express, written permission of Symantec Corporation.
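
The message indicators listed under CHARACTERISTICS OF INFECTION, expressed as a mail-filter check (an added example, not part of the original bulletin or the forwarding post). The function names, the size tolerance and the sample messages are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Indicators taken from the bulletin's "Characteristics of Infection" section.
ATTACHMENT_NAME = "pics4you.exe"
BODY_PHRASE = "here's some pictures for you!"
ATTACHMENT_SIZE = 34304
SIZE_TOLERANCE = 512  # assumption: the bulletin only says "approximately"


def mypics_indicators(msg):
    """Return the bulletin indicators that a parsed message matches."""
    hits = []
    if not (msg.get("Subject") or "").strip():
        hits.append("no-subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_PHRASE in body.get_content().lower():
        hits.append("body-phrase")
    for part in msg.iter_attachments():
        # Compare case-insensitively: mail clients do not preserve case reliably.
        name = (part.get_filename() or "").strip().lower()
        if name != ATTACHMENT_NAME:
            continue
        hits.append("attachment-name")
        payload = part.get_payload(decode=True) or b""
        if abs(len(payload) - ATTACHMENT_SIZE) <= SIZE_TOLERANCE:
            hits.append("attachment-size")
    return hits


def should_quarantine(msg):
    """Quarantine on the named attachment alone; other hits are context."""
    return "attachment-name" in mypics_indicators(msg)


def build_sample(subject, text, filename=None, size=0):
    """Constructed test message; the attachment is zero bytes, not malware."""
    msg = EmailMessage()
    if subject is not None:
        msg["Subject"] = subject
    msg.set_content(text)
    if filename:
        msg.add_attachment(b"\x00" * size, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg
```

The subject, body and size indicators are weak on their own and are reported only as supporting context; the decision keys on the attachment name the bulletin says not to open.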