Trojan virus: "zipped_files.exe"

From: Richard Bemrose <rb237_at_phy.cam.ac.uk>
Date: Fri, 11 Jun 1999 09:35:25 +0100 (BST)

Hello fellow admin,

I would like to make fellow administrators aware of the Trojan virus:

In a reply to a poster I placed on tru64-unix-managers, I received a
Trojan virus called "zipped_files.exe" which could have disastrous
consequences for Windows (95-NT) users. The sending email address was
probably spoofed but I can supply it to the list manager (Dave Sill).
[JANET CERT (our academic network guys and gals) has issued a warning].


Regards,
Rich

 /_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\
/_/ Richard A Bemrose /_\ Polymers and Colloids Group \_\
/_/ email: rb237_at_phy.cam.ac.uk /_\ Cavendish Laboratory \_\
/_/ Tel: +44 (0)1223 337 267 /_\ University of Cambridge \_\
/_/ Fax: +44 (0)1223 337 000 /_\ Madingley Road \_\
/_/ Mobile: +44 (0)410 168 873 / \ Cambridge, CB3 0HE, UK \_\
 /_/_/_/_/_/_/ http://www.poco.phy.cam.ac.uk/~rb237 \_\_\_\_\_\_\_\
             "Life is everything and nothing all at once"
              -- Billy Corgan, Smashing Pumpkins

---------- Forwarded message ----------
Date: Thu, 10 Jun 1999 21:46:43 +0100
From: John Savill <john_at_savilltech.com>
Reply-To: nt-faq_at_ed-com.com
To: nt-faq_at_ed-com.com
Subject: URGENT Virus "

BE AWARE, a new virus as described below:
 
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.


The subject line is not constant as the message is a reply. The worm
(named "zipped_files.exe") is attached, with a file size of 210,432 bytes.
The file has a Winzip icon which is designed to fool unsuspecting users into
running it as a self-extracting file. Users who run this attachment will be
presented with a fake error message that says


"Cannot open file: it does not appear to be a valid archive. If this
file is part of a ZIP format backup set, insert the last disk of the
backup set and try again. Please press F1 for help."


The virus then searches for all files and replaces them with 0 block
files:


.c
.cpp
.h
.asm
.doc
.xls
.ppt

Someone from Dell gave me the virus (I'm NOT happy!) and www.nai.com
<http://www.nai.com> have a fix.

Wanted to let you know!

John

John Savill MCSE MVP
john_at_savilltech.com

 
Received on Fri Jun 11 1999 - 08:37:34 NZST
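
A triage sketch built from the indicators reported in the forwarded message (the attachment name, its 210,432-byte size, and the list of extensions replaced with empty files). It is an added example, not part of either e-mail; the function name `triage` and the scan root are assumptions. A zero-length file is only a hint, since empty source files also occur legitimately.

```python
import os
import sys

# Indicators as reported in the forwarded message.
WORM_NAME = "zipped_files.exe"
WORM_SIZE = 210_432  # bytes
TARGET_EXTS = {".c", ".cpp", ".h", ".asm", ".doc", ".xls", ".ppt"}


def triage(root):
    """Walk `root` and return (suspects, zeroed).

    suspects: list of (path, size_matches) for files named like the attachment.
    zeroed:   list of zero-length files with one of the reported extensions.
    Names are compared case-insensitively, as Windows file systems do.
    """
    suspects, zeroed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.lstat(path).st_size
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            lower = name.lower()
            if lower == WORM_NAME:
                # A name match with a different size is still worth a look.
                suspects.append((path, size == WORM_SIZE))
            elif size == 0 and os.path.splitext(lower)[1] in TARGET_EXTS:
                zeroed.append(path)
    return sorted(suspects), sorted(zeroed)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    suspects, zeroed = triage(root)
    for path, size_ok in suspects:
        note = "name and size match" if size_ok else "name match only"
        print(f"SUSPECT  {path}  ({note})")
    for path in zeroed:
        print(f"ZEROED   {path}")
    print(f"{len(suspects)} suspect attachment(s), {len(zeroed)} zero-length file(s)")
```

Files flagged as zeroed are candidates for restore from backup; the script only reads metadata and changes nothing.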
