[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Virus Warning



PureBytes Links

Trading Reference Links


Copied and pasted from another list I'm on.

Robert




  Wild Worm With Pro-Linux Message

Yet another new worm is wiggling its wicked way across computer
networks. Written by a cracker who appears to be taking on the role
of an avenging pro-Linux penguin, this worm does no real damage
to computers.

It's more likely to wound the psyche of its more delicate victims by
displaying text messages calling them "idiots," and speculating on
whether they are smart enough to reverse the worm's effects.

The worm also suggests that its sufferers should switch to the
Linux operating system. Named "Creative," the worm has several
aliases, including Prolin, Shockwave, W32/Prolin@xx,
TROJ_SHOCKWAVE, and TROJ_PROLIN.

The worm was first found on Thursday when computer security firm
F-Secure received e-mail notification of Creative's existence from an
anonymous tipster in Germany. The worm arrives in an e-mail
message with a header that says "A great Shockwave flash movie."

The text of the message recommends that the recipient "Check out
this new flash movie that I downloaded just now ... It's Great. Bye."

If the recipient does click on the "CREATIVE.EXE" attachment, the
worm file is executed. It then proceeds to use Microsoft Outlook to
send itself to everyone listed in the original recipient's address book.
It also adds itself to the Windows startup directory, so that it auto-
launches when the computer is booted.

...But the worm's job isn't quite complete just yet. Creative continues
to merrily muck around with the contents of the infected hard drive,
moving all files with either dot-zip or dot-jpg extension to the root
directory of the drive, and appending the following text to the file's
name: change at least now to LINUX.

It also creates a text file "c:messageforu.txt," that contains the
following words of wisdom: "Hi, guess you have got the message. I
have kept a list of files that I have infected under this. If you are
smart enough just reverse back the process.

...I could have done far better damage, I could have even completely
wiped your hard disk. Remember this is a warning & get it sound and
clear...
-- The Penguin"

THIS JUST MORE OR LESS A REPEAT OF THE ABOVE FROM WIRED NEWS.

http://www.wired.com/news/technology/0,1282,40457,00.html?tw=wn20001202