|
PureBytes Links
Trading Reference Links
|
Please stop spamming Eskimo.com mailing lists with these distracting,
gratuitous, irrelevant virus broadcasts.
However well intentioned they may be, it is much more useful and reliable
for individuals to get this sort of data directly from Virus Info web sites,
if they choose, rather than from some lame To/From AOL address.
Thanks
----- Original Message -----
From: <Peter2150@xxxxxxx>
To: <Peter2150@xxxxxxx>
Sent: Sunday, April 02, 2000 5:25 PM
Subject: Another real virus. Seems to affect all with W95 and later
> This press release comes from F-Secure. For more
> information on F-Secure's mailing list policy,
> see end of message.
>
>
> Press release
>
> F-SECURE CORPORATION SOLVED THE MYSTERY 911-CALLING INTERNET WORM
>
> Firkin worm spreads to Internet-connected PCs
>
> Espoo, Finland, April 2, 2000 - F-Secure Corporation, a leading provider
> of centrally-managed, widely distributed security solutions, has analysed
> a new internet worm known as Firkin or Chode. This worm attempts to cause
> a denial-of-service attack against the 911 emergency hotline. F-Secure
> Anti-Virus detects and disinfects the worm.
>
> Firkin is a family of closely-related internet worms. They have been
> written entirely in the simple DOS batch language. These worms replicate
> further over the internet, infecting Windows-based computers which have
> their hard drive shared to the world. Many users accidentally share
> their whole hard drive and when they connect to the internet, anybody
> can access it. The worm uses this vulnerability to spread further.
>
> When the Firkin worm is started, it searches a wide range of machines
> connected to the Internet. The search is targeted at computers using
> some of the largest ISPs (Internet Service Providers) in the world,
> including AT&T, America Online, MCI and Earthlink.
>
> The worm scans every machine to find one which has shared its hard
> drive. When such a system is found, the worm copies itself to the
> target computer and modifies its system in such a way that the worm is
> executed the next time the system is booted.
>
> At this time, the virus might add a routine that calls the 911
> emergency number using a modem every time the infected system is
> booted. This routine is injected into the host system at random and
> is not present in every infected computer.
>
> The result of this routine is that every time such a system is
> restarted, the computer silently dials a normal phone call to 911.
> Since it is standard procedure in many locations for the emergency
> services to dispatch a unit to the location of an incoming 911 call,
> the results can be quite serious, possibly causing delays in
> responding to real calls.
>
> Depending on the exact variant of the worm, it might also attempt
> to delete all files from several directories on the computer and
> display messages on screen. The deletion of files is programmed to
> happen on the 19th of every month.
>
> The worm code contains several text strings, including:
>
> fOREsKIN sElf rEPlIcAToR vERSION 1.07c final CHAoS
> (C) 2000 EMD LABS INC rAndOm dEvIStAtOr
> nOt pErFECt, bUt iT sERvES iTS pUrPosE....bAtCh fIlE pROgRAMmINg
>
> The FBI discovered one variant of this worm during a 'recent and
> breaking' case.
>
> "This is a serious denial-of-service attack against the 911 emergency
> system," comments Mikko Hypponen, Manager of Anti-Virus Research at
> F-Secure Corporation. "The only bright side to the situation is that
> this worm is unlikely to cause damage outside North America". The
> ISPs the worm is attacking operate mainly in the USA, and 911
> is used as an emergency number primarily in North America.
>
> Infected systems can easily be spotted by checking whether the
> "C:\Program Files" folder contains a new hidden folder called either
> "Chode", "Foreskin" or "Dickhair". To see hidden folders with Windows
> Explorer, turn on the "Show all files" setting from Explorer options.
>
> F-Secure Anti-Virus can be used to detect and disinfect this worm.
> Free evaluation copies of F-Secure Anti-Virus are available at:
> http://www.F-Secure.com/download-purchase/
>
> Further technical information of the Firkin worm is be available at:
> http://www.F-Secure.com/virus-info/
>
> About F-Secure Corporation
>
> F-Secure Corporation is a leading developer of centrally managed, widely
> distributed security solutions. The company offers a full range of
> award-winning, integrated anti-virus, file encryption and VPN solutions
for
> workstations, servers and gateways. F-Secure Corporation products and
> Framework are uniquely suited for delivery of Security as a ServiceT by
> enterprise IT departments as well as a wide range of partners including
> ISPs, outsourcing firms and ASPs. For the end-user, Security as a Service
> is invisible, automatic, reliable, always-on, and up-to-date. For the
> administrator, Security as a Service means policy-based management,
instant
> alerts, and centralized management of a widely-distributed user base.
>
> Founded in 1988, F-Secure Corporation is listed on the Helsinki Stock
> Exchange (HEX: FSC). The company is headquartered in Espoo, Finland with
> North American headquarters in San Jose, California, as well as offices in
> Canada, Germany, China, France, Japan and the United Kingdom. F-Secure
> Corporation is supported by a network of VARs and Distributors in over 90
> countries around the globe.
>
> For more information, please contact
>
> Finland:
> F-Secure Corporation
> Mr. Mikko Hyppönen, Manager, Anti-Virus Research.
> PL 24
> FIN-02231 ESPOO
> Tel +358 9 8599 0513
> Fax +358 9 8599 0599
> E-mail: Mikko.Hypponen@xxxxxxxxxxxx
>
> USA:
> F-Secure Inc.
> Mr. Dan Takata, Manager, Training Division, Professional Services
> 675 N. First Street, 8th Floor
> San Jose, CA 95112
> Tel. +1 408 938 6700,
> Fax +1 408 938 6701
> e-mail Dan.Takata@xxxxxxxxxxxx
>
> http://www.F-Secure.com/
>
> Mailing list policy
>
> You have previously expressed interest in our products, or have asked
> to be included on one of our press release lists by personally giving us
> your e-mail address for this purpose.Our mailing list are for the
> exclusive use and the expressed purpose of F-Secure and are not
> sold or or given to third parties.
>
> If you no longer wish to receive our press releases, or your email address
> has been added to our lists without your consent, you can unsubscribe at
> http://www.F-Secure.com/news/subscribe.html
>
> If you only wish to receive our press releases concerning viruses,
> please go to
> http://www.F-Secure.com/news/subscribe.html
> and first unsubscribe from
> press-english-interest@xxxxxxxxxxxxxxxxxx
> and then subscribe to
> press-english-virus-announcement@xxxxxxxxxxxxxxxxxx
> ________________________________________________
>
> Marita Nasman-Repo tel: +358 9 8599 0613
> Communicator fax : +358 9 8599 0599
> mobile: +358 40 517 4613
>
> F-Secure Corporation http://www.F-Secure.com
>
> F-Secure products: Security for the mobile, distributed enterprise
> __________________________________________________
>
>
|