[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Another real virus. Seems to affect all with W95 and later STOP SPAMMING

PureBytes Links

Trading Reference Links

 
I've just been to the Norton Antivirus website.  (I've also gone to the
F-Secure website.)

Peter was DEFINITELY NOT spamming.

We should thank him for the alert.

Still don't believe?  Please visit:
http://www.symantec.com/avcenter/venc/data/bat.chode.worm.html


Regards,

Wong
======================================================
At 06:48 PM 04/02/2000 -0400, Bob wrote:
>Thanks for your interest and remarkably speedy feedback Andrea!
>
>I suspect your threshold definition of rude is somewhat low.
>
>This fellow Peter is utilizing the names on the eskimo list for possibly
>well intentioned but misguided purposes and obscuring, to a degree, the
>mechanism used.
>
>Despite the F-Secure nomenclature his communication has all the hallmark
>characteristics of Virus Hoaxes and other nuisance EMail often originating
>from Web EMail or AOL addresses.
>
>I disregarded the first Spam sent several days ago, but per the
>recommendations of established anti-spamming sites I politely complained
>about it this time.
>
>I see from your address you are University affiliated. May I suggest you put
>the following Stanford University write-up on Spam on your reading list:
>http://www-ccrma.stanford.edu/~daj/spam.html
>
>When you are through with that you may be interested in the following
>resources as well, which permit individuals to access pertinent data to the
>extent they may want, when and if they want it:
>
>U.S. Government Anti-Hoax Information
>http://ciac.llnl.gov/ciac/CIACHoaxes.html
>
>Private and Commercial Anti-Hoax Information
>http://www.stiller.com/hoaxes.htm
>http://www.parrottalk.com/virus.html
>http://www.europe.datafellows.com/news/hoax.htm
>http://www.hoaxkill.com/
>http://netinfo.msu.edu/hoaxes.html
>http://www.urbanlegends.com
>http://www.philb.com/hoaxes.htm
>http://vil.mcafee.com/hoax.asp
>
>Private and Commercial Anti-Spam and Anti-Chain Letter Information
>http://home.earthlink.net/~emjaybe/spam2.html
>http://www.cs.rutgers.edu/~watrous/chain-letters.html
>
>Free AntiVirus Assistance
>http://www.drsolomons.com/home/home.cfm
>http://housecall.antivirus.com/default.asp
>
>Introduction to Net Scams and Hoaxes
>http://kryten.eng.monash.edu.au/netscams.html
>
>SARC Virus and Hoax Encyclopedia
>http://www.symantec.com/avcenter/vinfodb.html
>
>
>----- Original Message -----
>From: Andrea E. Frohne <bf20415@xxxxxxxxxxxxxx>
>To: Bob <bobg63@xxxxxxx>
>Cc: <omega-list@xxxxxxxxxx>; <Peter2150@xxxxxxx>
>Sent: Sunday, April 02, 2000 6:16 PM
>Subject: Re: Another real virus. Seems to affect all with W95 and later STOP
>SPAMMING
>
>
>> Bob, I think the title was clear enough for you not to have to read it.
>Don't
>> send rude messges to everyone.
>>
>>
>> Bob wrote:
>>
>> > Please stop spamming Eskimo.com mailing lists with these distracting,
>> > gratuitous, irrelevant virus broadcasts.
>> >
>> > However well intentioned they may be, it is much more useful and
>reliable
>> > for individuals to get this sort of data directly from Virus Info web
>sites,
>> > if they choose, rather than from some lame To/From AOL address.
>> >
>> > Thanks
>> >
>> > ----- Original Message -----
>> > From: <Peter2150@xxxxxxx>
>> > To: <Peter2150@xxxxxxx>
>> > Sent: Sunday, April 02, 2000 5:25 PM
>> > Subject: Another real virus. Seems to affect all with W95 and later
>> >
>> > > This press release comes from F-Secure. For more
>> > > information on F-Secure's mailing list policy,
>> > > see end of message.
>> > >
>> > >
>> > > Press release
>> > >
>> > > F-SECURE CORPORATION SOLVED THE MYSTERY 911-CALLING INTERNET WORM
>> > >
>> > > Firkin worm spreads to Internet-connected PCs
>> > >
>> > > Espoo, Finland, April 2, 2000 - F-Secure Corporation, a leading
>provider
>> > > of centrally-managed, widely distributed security solutions, has
>analysed
>> > > a new internet worm known as Firkin or Chode. This worm attempts to
>cause
>> > > a denial-of-service attack against the 911 emergency hotline. F-Secure
>> > > Anti-Virus detects and disinfects the worm.
>> > >
>> > > Firkin is a family of closely-related internet worms. They have been
>> > > written entirely in the simple DOS batch language. These worms
>replicate
>> > > further over the internet, infecting Windows-based computers which
>have
>> > > their hard drive shared to the world. Many users accidentally share
>> > > their whole hard drive and when they connect to the internet, anybody
>> > > can access it. The worm uses this vulnerability to spread further.
>> > >
>> > > When the Firkin worm is started, it searches a wide range of machines
>> > > connected to the Internet. The search is targeted at computers using
>> > > some of the largest ISPs (Internet Service Providers) in the world,
>> > > including AT&T, America Online, MCI and Earthlink.
>> > >
>> > > The worm scans every machine to find one which has shared its hard
>> > > drive. When such a system is found, the worm copies itself to the
>> > > target computer and modifies its system in such a way that the worm is
>> > > executed the next time the system is booted.
>> > >
>> > > At this time, the virus might add a routine that calls the 911
>> > > emergency number using a modem every time the infected system is
>> > > booted. This routine is injected into the host system at random and
>> > > is not present in every infected computer.
>> > >
>> > > The result of this routine is that every time such a system is
>> > > restarted, the computer silently dials a normal phone call to 911.
>> > > Since it is standard procedure in many locations for the emergency
>> > > services to dispatch a unit to the location of an incoming 911 call,
>> > > the results can be quite serious, possibly causing delays in
>> > > responding to real calls.
>> > >
>> > > Depending on the exact variant of the worm, it might also attempt
>> > > to delete all files from several directories on the computer and
>> > > display messages on screen. The deletion of files is programmed to
>> > > happen on the 19th of every month.
>> > >
>> > > The worm code contains several text strings, including:
>> > >
>> > >      fOREsKIN sElf rEPlIcAToR vERSION 1.07c final CHAoS
>> > >      (C) 2000 EMD LABS INC rAndOm dEvIStAtOr
>> > >      nOt pErFECt, bUt iT sERvES iTS pUrPosE....bAtCh fIlE pROgRAMmINg
>> > >
>> > > The FBI discovered one variant of this worm during a 'recent and
>> > > breaking' case.
>> > >
>> > > "This is a serious denial-of-service attack against the 911 emergency
>> > > system," comments Mikko Hypponen, Manager of Anti-Virus Research at
>> > > F-Secure Corporation. "The only bright side to the situation is that
>> > > this worm is unlikely to cause damage outside North America". The
>> > > ISPs the worm is attacking operate mainly in the USA, and 911
>> > > is used as an emergency number primarily in North America.
>> > >
>> > > Infected systems can easily be spotted by checking whether the
>> > > "C:\Program Files" folder contains a new hidden folder called either
>> > > "Chode", "Foreskin" or "Dickhair". To see hidden folders with Windows
>> > > Explorer, turn on the "Show all files" setting from Explorer options.
>> > >
>> > > F-Secure Anti-Virus can be used to detect and disinfect this worm.
>> > > Free evaluation copies of F-Secure Anti-Virus are available at:
>> > > http://www.F-Secure.com/download-purchase/
>> > >
>> > > Further technical information of the Firkin worm is be available at:
>> > > http://www.F-Secure.com/virus-info/
>> > >
>> > > About F-Secure Corporation
>> > >
>> > > F-Secure Corporation  is a leading developer of centrally managed,
>widely
>> > > distributed security solutions. The company offers a full range of
>> > > award-winning, integrated anti-virus, file encryption and VPN
>solutions
>> > for
>> > > workstations, servers and gateways. F-Secure Corporation  products and
>> > > Framework are uniquely suited for delivery of Security as a ServiceT
>by
>> > > enterprise IT departments as well as a wide range of partners
>including
>> > > ISPs, outsourcing firms and ASPs. For the end-user, Security as a
>Service
>> > > is invisible, automatic, reliable, always-on, and up-to-date. For the
>> > > administrator, Security as a Service means policy-based management,
>> > instant
>> > > alerts, and centralized management of a widely-distributed user base.
>> > >
>> > > Founded in 1988, F-Secure Corporation is listed on the Helsinki Stock
>> > > Exchange (HEX: FSC). The company is headquartered in Espoo, Finland
>with
>> > > North American headquarters in San Jose, California, as well as
>offices in
>> > > Canada, Germany, China, France, Japan and the United Kingdom. F-Secure
>> > > Corporation is supported by a network of VARs and Distributors in over
>90
>> > > countries around the globe.
>> > >
>> > > For more information, please contact
>> > >
>> > > Finland:
>> > > F-Secure Corporation
>> > > Mr. Mikko Hyppönen, Manager, Anti-Virus Research.
>> > > PL 24
>> > > FIN-02231 ESPOO
>> > > Tel +358 9 8599 0513
>> > > Fax +358 9 8599 0599
>> > > E-mail: Mikko.Hypponen@xxxxxxxxxxxx
>> > >
>> > > USA:
>> > > F-Secure Inc.
>> > > Mr. Dan Takata, Manager, Training Division, Professional Services
>> > > 675 N. First Street, 8th Floor
>> > > San Jose, CA 95112
>> > > Tel. +1 408 938 6700,
>> > > Fax  +1 408 938 6701
>> > > e-mail Dan.Takata@xxxxxxxxxxxx
>> > >
>> > > http://www.F-Secure.com/
>> > >
>> > > Mailing list policy
>> > >
>> > > You have previously expressed interest in our products, or have asked
>> > > to be included on one of our press release lists by personally giving
>us
>> > > your e-mail address for this purpose.Our mailing list are for the
>> > > exclusive use and the expressed purpose of F-Secure and are not
>> > > sold or or given to third parties.
>> > >
>> > > If you no longer wish to receive our press releases, or your email
>address
>> > > has been added to our lists without your consent, you can unsubscribe
>at
>> > > http://www.F-Secure.com/news/subscribe.html
>> > >
>> > > If you only wish to receive our press releases concerning viruses,
>> > > please go to
>> > > http://www.F-Secure.com/news/subscribe.html
>> > > and first unsubscribe from
>> > > press-english-interest@xxxxxxxxxxxxxxxxxx
>> > > and then subscribe to
>> > > press-english-virus-announcement@xxxxxxxxxxxxxxxxxx
>> > > ________________________________________________
>> > >
>> > >   Marita Nasman-Repo             tel:    +358 9 8599 0613
>> > >   Communicator           fax :   +358 9 8599 0599
>> > >                                  mobile: +358 40 517 4613
>> > >
>> > >   F-Secure Corporation   http://www.F-Secure.com
>> > >
>> > >   F-Secure products: Security for the mobile, distributed enterprise
>> > > __________________________________________________
>> > >
>> > >
>>
>>
>
>
>
>