|
PureBytes Links
Trading Reference Links
|
Bob, I think the title was clear enough for you not to have to read it. Don't
send rude messges to everyone.
Bob wrote:
> Please stop spamming Eskimo.com mailing lists with these distracting,
> gratuitous, irrelevant virus broadcasts.
>
> However well intentioned they may be, it is much more useful and reliable
> for individuals to get this sort of data directly from Virus Info web sites,
> if they choose, rather than from some lame To/From AOL address.
>
> Thanks
>
> ----- Original Message -----
> From: <Peter2150@xxxxxxx>
> To: <Peter2150@xxxxxxx>
> Sent: Sunday, April 02, 2000 5:25 PM
> Subject: Another real virus. Seems to affect all with W95 and later
>
> > This press release comes from F-Secure. For more
> > information on F-Secure's mailing list policy,
> > see end of message.
> >
> >
> > Press release
> >
> > F-SECURE CORPORATION SOLVED THE MYSTERY 911-CALLING INTERNET WORM
> >
> > Firkin worm spreads to Internet-connected PCs
> >
> > Espoo, Finland, April 2, 2000 - F-Secure Corporation, a leading provider
> > of centrally-managed, widely distributed security solutions, has analysed
> > a new internet worm known as Firkin or Chode. This worm attempts to cause
> > a denial-of-service attack against the 911 emergency hotline. F-Secure
> > Anti-Virus detects and disinfects the worm.
> >
> > Firkin is a family of closely-related internet worms. They have been
> > written entirely in the simple DOS batch language. These worms replicate
> > further over the internet, infecting Windows-based computers which have
> > their hard drive shared to the world. Many users accidentally share
> > their whole hard drive and when they connect to the internet, anybody
> > can access it. The worm uses this vulnerability to spread further.
> >
> > When the Firkin worm is started, it searches a wide range of machines
> > connected to the Internet. The search is targeted at computers using
> > some of the largest ISPs (Internet Service Providers) in the world,
> > including AT&T, America Online, MCI and Earthlink.
> >
> > The worm scans every machine to find one which has shared its hard
> > drive. When such a system is found, the worm copies itself to the
> > target computer and modifies its system in such a way that the worm is
> > executed the next time the system is booted.
> >
> > At this time, the virus might add a routine that calls the 911
> > emergency number using a modem every time the infected system is
> > booted. This routine is injected into the host system at random and
> > is not present in every infected computer.
> >
> > The result of this routine is that every time such a system is
> > restarted, the computer silently dials a normal phone call to 911.
> > Since it is standard procedure in many locations for the emergency
> > services to dispatch a unit to the location of an incoming 911 call,
> > the results can be quite serious, possibly causing delays in
> > responding to real calls.
> >
> > Depending on the exact variant of the worm, it might also attempt
> > to delete all files from several directories on the computer and
> > display messages on screen. The deletion of files is programmed to
> > happen on the 19th of every month.
> >
> > The worm code contains several text strings, including:
> >
> > fOREsKIN sElf rEPlIcAToR vERSION 1.07c final CHAoS
> > (C) 2000 EMD LABS INC rAndOm dEvIStAtOr
> > nOt pErFECt, bUt iT sERvES iTS pUrPosE....bAtCh fIlE pROgRAMmINg
> >
> > The FBI discovered one variant of this worm during a 'recent and
> > breaking' case.
> >
> > "This is a serious denial-of-service attack against the 911 emergency
> > system," comments Mikko Hypponen, Manager of Anti-Virus Research at
> > F-Secure Corporation. "The only bright side to the situation is that
> > this worm is unlikely to cause damage outside North America". The
> > ISPs the worm is attacking operate mainly in the USA, and 911
> > is used as an emergency number primarily in North America.
> >
> > Infected systems can easily be spotted by checking whether the
> > "C:\Program Files" folder contains a new hidden folder called either
> > "Chode", "Foreskin" or "Dickhair". To see hidden folders with Windows
> > Explorer, turn on the "Show all files" setting from Explorer options.
> >
> > F-Secure Anti-Virus can be used to detect and disinfect this worm.
> > Free evaluation copies of F-Secure Anti-Virus are available at:
> > http://www.F-Secure.com/download-purchase/
> >
> > Further technical information of the Firkin worm is be available at:
> > http://www.F-Secure.com/virus-info/
> >
> > About F-Secure Corporation
> >
> > F-Secure Corporation is a leading developer of centrally managed, widely
> > distributed security solutions. The company offers a full range of
> > award-winning, integrated anti-virus, file encryption and VPN solutions
> for
> > workstations, servers and gateways. F-Secure Corporation products and
> > Framework are uniquely suited for delivery of Security as a ServiceT by
> > enterprise IT departments as well as a wide range of partners including
> > ISPs, outsourcing firms and ASPs. For the end-user, Security as a Service
> > is invisible, automatic, reliable, always-on, and up-to-date. For the
> > administrator, Security as a Service means policy-based management,
> instant
> > alerts, and centralized management of a widely-distributed user base.
> >
> > Founded in 1988, F-Secure Corporation is listed on the Helsinki Stock
> > Exchange (HEX: FSC). The company is headquartered in Espoo, Finland with
> > North American headquarters in San Jose, California, as well as offices in
> > Canada, Germany, China, France, Japan and the United Kingdom. F-Secure
> > Corporation is supported by a network of VARs and Distributors in over 90
> > countries around the globe.
> >
> > For more information, please contact
> >
> > Finland:
> > F-Secure Corporation
> > Mr. Mikko Hyppönen, Manager, Anti-Virus Research.
> > PL 24
> > FIN-02231 ESPOO
> > Tel +358 9 8599 0513
> > Fax +358 9 8599 0599
> > E-mail: Mikko.Hypponen@xxxxxxxxxxxx
> >
> > USA:
> > F-Secure Inc.
> > Mr. Dan Takata, Manager, Training Division, Professional Services
> > 675 N. First Street, 8th Floor
> > San Jose, CA 95112
> > Tel. +1 408 938 6700,
> > Fax +1 408 938 6701
> > e-mail Dan.Takata@xxxxxxxxxxxx
> >
> > http://www.F-Secure.com/
> >
> > Mailing list policy
> >
> > You have previously expressed interest in our products, or have asked
> > to be included on one of our press release lists by personally giving us
> > your e-mail address for this purpose.Our mailing list are for the
> > exclusive use and the expressed purpose of F-Secure and are not
> > sold or or given to third parties.
> >
> > If you no longer wish to receive our press releases, or your email address
> > has been added to our lists without your consent, you can unsubscribe at
> > http://www.F-Secure.com/news/subscribe.html
> >
> > If you only wish to receive our press releases concerning viruses,
> > please go to
> > http://www.F-Secure.com/news/subscribe.html
> > and first unsubscribe from
> > press-english-interest@xxxxxxxxxxxxxxxxxx
> > and then subscribe to
> > press-english-virus-announcement@xxxxxxxxxxxxxxxxxx
> > ________________________________________________
> >
> > Marita Nasman-Repo tel: +358 9 8599 0613
> > Communicator fax : +358 9 8599 0599
> > mobile: +358 40 517 4613
> >
> > F-Secure Corporation http://www.F-Secure.com
> >
> > F-Secure products: Security for the mobile, distributed enterprise
> > __________________________________________________
> >
> >
|