[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

THANKS PETER !!!! Re: Another real virus.



PureBytes Links

Trading Reference Links

> I've just been to the Norton Antivirus website.  (I've also gone to the
> F-Secure website.)
> 
> Peter was DEFINITELY NOT spamming.
> 
> We should thank him for the alert.

definetely - only Virus warnings I ALLWAYS watch are PETERs - most other 
stuff which is sent out buy some sleeping bags is b.s. - or worse, sleeping 
bags who complain about good jobs as peter does to this list !!!

THANKS PETER !!!!

rgds hans


 
> Still don't believe?  Please visit:
> http://www.symantec.com/avcenter/venc/data/bat.chode.worm.html
> 
> 
> Regards,
> 
> Wong
> ======================================================
> At 06:48 PM 04/02/2000 -0400, Bob wrote:
> >Thanks for your interest and remarkably speedy feedback Andrea!
> >
> >I suspect your threshold definition of rude is somewhat low.
> >
> >This fellow Peter is utilizing the names on the eskimo list for possibly
> >well intentioned but misguided purposes and obscuring, to a degree, the
> >mechanism used.
> >
> >Despite the F-Secure nomenclature his communication has all the hallmark
> >characteristics of Virus Hoaxes and other nuisance EMail often
> >originating from Web EMail or AOL addresses.
> >
> >I disregarded the first Spam sent several days ago, but per the
> >recommendations of established anti-spamming sites I politely complained
> >about it this time.
> >
> >I see from your address you are University affiliated. May I suggest you
> >put the following Stanford University write-up on Spam on your reading
> >list: http://www-ccrma.stanford.edu/~daj/spam.html
> >
> >When you are through with that you may be interested in the following
> >resources as well, which permit individuals to access pertinent data to
> >the extent they may want, when and if they want it:
> >
> >U.S. Government Anti-Hoax Information
> >http://ciac.llnl.gov/ciac/CIACHoaxes.html
> >
> >Private and Commercial Anti-Hoax Information
> >http://www.stiller.com/hoaxes.htm
> >http://www.parrottalk.com/virus.html
> >http://www.europe.datafellows.com/news/hoax.htm
> >http://www.hoaxkill.com/
> >http://netinfo.msu.edu/hoaxes.html
> >http://www.urbanlegends.com
> >http://www.philb.com/hoaxes.htm
> >http://vil.mcafee.com/hoax.asp
> >
> >Private and Commercial Anti-Spam and Anti-Chain Letter Information
> >http://home.earthlink.net/~emjaybe/spam2.html
> >http://www.cs.rutgers.edu/~watrous/chain-letters.html
> >
> >Free AntiVirus Assistance
> >http://www.drsolomons.com/home/home.cfm
> >http://housecall.antivirus.com/default.asp
> >
> >Introduction to Net Scams and Hoaxes
> >http://kryten.eng.monash.edu.au/netscams.html
> >
> >SARC Virus and Hoax Encyclopedia
> >http://www.symantec.com/avcenter/vinfodb.html
> >
> >
> >----- Original Message -----
> >From: Andrea E. Frohne <bf20415@xxxxxxxxxxxxxx>
> >To: Bob <bobg63@xxxxxxx>
> >Cc: <omega-list@xxxxxxxxxx>; <Peter2150@xxxxxxx>
> >Sent: Sunday, April 02, 2000 6:16 PM
> >Subject: Re: Another real virus. Seems to affect all with W95 and later
> >STOP SPAMMING
> >
> >
> >> Bob, I think the title was clear enough for you not to have to read it.
> >Don't
> >> send rude messges to everyone.
> >>
> >>
> >> Bob wrote:
> >>
> >> > Please stop spamming Eskimo.com mailing lists with these distracting,
> >> > gratuitous, irrelevant virus broadcasts.
> >> >
> >> > However well intentioned they may be, it is much more useful and
> >reliable
> >> > for individuals to get this sort of data directly from Virus Info web
> >sites,
> >> > if they choose, rather than from some lame To/From AOL address.
> >> >
> >> > Thanks
> >> >
> >> > ----- Original Message -----
> >> > From: <Peter2150@xxxxxxx>
> >> > To: <Peter2150@xxxxxxx>
> >> > Sent: Sunday, April 02, 2000 5:25 PM
> >> > Subject: Another real virus. Seems to affect all with W95 and later
> >> >
> >> > > This press release comes from F-Secure. For more
> >> > > information on F-Secure's mailing list policy,
> >> > > see end of message.
> >> > >
> >> > >
> >> > > Press release
> >> > >
> >> > > F-SECURE CORPORATION SOLVED THE MYSTERY 911-CALLING INTERNET WORM
> >> > >
> >> > > Firkin worm spreads to Internet-connected PCs
> >> > >
> >> > > Espoo, Finland, April 2, 2000 - F-Secure Corporation, a leading
> >provider
> >> > > of centrally-managed, widely distributed security solutions, has
> >analysed
> >> > > a new internet worm known as Firkin or Chode. This worm attempts to
> >cause
> >> > > a denial-of-service attack against the 911 emergency hotline.
> >> > > F-Secure Anti-Virus detects and disinfects the worm.
> >> > >
> >> > > Firkin is a family of closely-related internet worms. They have
> >> > > been written entirely in the simple DOS batch language. These worms
> >replicate
> >> > > further over the internet, infecting Windows-based computers which
> >have
> >> > > their hard drive shared to the world. Many users accidentally share
> >> > > their whole hard drive and when they connect to the internet,
> >> > > anybody can access it. The worm uses this vulnerability to spread
> >> > > further.
> >> > >
> >> > > When the Firkin worm is started, it searches a wide range of
> >> > > machines connected to the Internet. The search is targeted at
> >> > > computers using some of the largest ISPs (Internet Service
> >> > > Providers) in the world, including AT&T, America Online, MCI and
> >> > > Earthlink.
> >> > >
> >> > > The worm scans every machine to find one which has shared its hard
> >> > > drive. When such a system is found, the worm copies itself to the
> >> > > target computer and modifies its system in such a way that the worm
> >> > > is executed the next time the system is booted.
> >> > >
> >> > > At this time, the virus might add a routine that calls the 911
> >> > > emergency number using a modem every time the infected system is
> >> > > booted. This routine is injected into the host system at random and
> >> > > is not present in every infected computer.
> >> > >
> >> > > The result of this routine is that every time such a system is
> >> > > restarted, the computer silently dials a normal phone call to 911.
> >> > > Since it is standard procedure in many locations for the emergency
> >> > > services to dispatch a unit to the location of an incoming 911
> >> > > call, the results can be quite serious, possibly causing delays in
> >> > > responding to real calls.
> >> > >
> >> > > Depending on the exact variant of the worm, it might also attempt
> >> > > to delete all files from several directories on the computer and
> >> > > display messages on screen. The deletion of files is programmed to
> >> > > happen on the 19th of every month.
> >> > >
> >> > > The worm code contains several text strings, including:
> >> > >
> >> > >      fOREsKIN sElf rEPlIcAToR vERSION 1.07c final CHAoS
> >> > >      (C) 2000 EMD LABS INC rAndOm dEvIStAtOr
> >> > >      nOt pErFECt, bUt iT sERvES iTS pUrPosE....bAtCh fIlE
> >> > >      pROgRAMmINg
> >> > >
> >> > > The FBI discovered one variant of this worm during a 'recent and
> >> > > breaking' case.
> >> > >
> >> > > "This is a serious denial-of-service attack against the 911
> >> > > emergency system," comments Mikko Hypponen, Manager of Anti-Virus
> >> > > Research at F-Secure Corporation. "The only bright side to the
> >> > > situation is that this worm is unlikely to cause damage outside
> >> > > North America". The ISPs the worm is attacking operate mainly in
> >> > > the USA, and 911 is used as an emergency number primarily in North
> >> > > America.
> >> > >
> >> > > Infected systems can easily be spotted by checking whether the
> >> > > "C:\Program Files" folder contains a new hidden folder called
> >> > > either "Chode", "Foreskin" or "Dickhair". To see hidden folders
> >> > > with Windows Explorer, turn on the "Show all files" setting from
> >> > > Explorer options.
> >> > >
> >> > > F-Secure Anti-Virus can be used to detect and disinfect this worm.
> >> > > Free evaluation copies of F-Secure Anti-Virus are available at:
> >> > > http://www.F-Secure.com/download-purchase/
> >> > >
> >> > > Further technical information of the Firkin worm is be available
> >> > > at: http://www.F-Secure.com/virus-info/
> >> > >
> >> > > About F-Secure Corporation
> >> > >
> >> > > F-Secure Corporation  is a leading developer of centrally managed,
> >widely
> >> > > distributed security solutions. The company offers a full range of
> >> > > award-winning, integrated anti-virus, file encryption and VPN
> >solutions
> >> > for
> >> > > workstations, servers and gateways. F-Secure Corporation  products
> >> > > and Framework are uniquely suited for delivery of Security as a
> >> > > ServiceT
> >by
> >> > > enterprise IT departments as well as a wide range of partners
> >including
> >> > > ISPs, outsourcing firms and ASPs. For the end-user, Security as a
> >Service
> >> > > is invisible, automatic, reliable, always-on, and up-to-date. For
> >> > > the administrator, Security as a Service means policy-based
> >> > > management,
> >> > instant
> >> > > alerts, and centralized management of a widely-distributed user
> >> > > base.
> >> > >
> >> > > Founded in 1988, F-Secure Corporation is listed on the Helsinki
> >> > > Stock Exchange (HEX: FSC). The company is headquartered in Espoo,
> >> > > Finland
> >with
> >> > > North American headquarters in San Jose, California, as well as
> >offices in
> >> > > Canada, Germany, China, France, Japan and the United Kingdom.
> >> > > F-Secure Corporation is supported by a network of VARs and
> >> > > Distributors in over
> >90
> >> > > countries around the globe.
> >> > >
> >> > > For more information, please contact
> >> > >
> >> > > Finland:
> >> > > F-Secure Corporation
> >> > > Mr. Mikko Hyppönen, Manager, Anti-Virus Research.
> >> > > PL 24
> >> > > FIN-02231 ESPOO
> >> > > Tel +358 9 8599 0513
> >> > > Fax +358 9 8599 0599
> >> > > E-mail: Mikko.Hypponen@xxxxxxxxxxxx
> >> > >
> >> > > USA:
> >> > > F-Secure Inc.
> >> > > Mr. Dan Takata, Manager, Training Division, Professional Services
> >> > > 675 N. First Street, 8th Floor San Jose, CA 95112 Tel. +1 408 938
> >> > > 6700, Fax  +1 408 938 6701 e-mail Dan.Takata@xxxxxxxxxxxx
> >> > >
> >> > > http://www.F-Secure.com/
> >> > >
> >> > > Mailing list policy
> >> > >
> >> > > You have previously expressed interest in our products, or have
> >> > > asked to be included on one of our press release lists by
> >> > > personally giving
> >us
> >> > > your e-mail address for this purpose.Our mailing list are for the
> >> > > exclusive use and the expressed purpose of F-Secure and are not
> >> > > sold or or given to third parties.
> >> > >
> >> > > If you no longer wish to receive our press releases, or your email
> >address
> >> > > has been added to our lists without your consent, you can
> >> > > unsubscribe
> >at
> >> > > http://www.F-Secure.com/news/subscribe.html
> >> > >
> >> > > If you only wish to receive our press releases concerning viruses,
> >> > > please go to http://www.F-Secure.com/news/subscribe.html and first
> >> > > unsubscribe from press-english-interest@xxxxxxxxxxxxxxxxxx and then
> >> > > subscribe to press-english-virus-announcement@xxxxxxxxxxxxxxxxxx
> >> > > ________________________________________________
> >> > >
> >> > >   Marita Nasman-Repo             tel:    +358 9 8599 0613
> >> > >   Communicator           fax :   +358 9 8599 0599
> >> > >                                  mobile: +358 40 517 4613
> >> > >
> >> > >   F-Secure Corporation   http://www.F-Secure.com
> >> > >
> >> > >   F-Secure products: Security for the mobile, distributed
> >> > >   enterprise
> >> > > __________________________________________________
> >> > >
> >> > >
> >>
> >>
> >
> >
> >
> >
>