READ ME - VIRUS LOVERS SPECIAL
Johnathon M. Clune
clune
Fri Feb 16 15:13:42 CST 2001
People on this list are supposed to be intelligent, future rulers of the world types. Please, for the love of all things holy, stop running executable files sent to you via email. The virus that is bombarding the list is not coming from the outside (at least not any longer). When executed, the virus infects the winsocks files on Windows machines. When any email is sent from an infected computer the virus sends a copy of the "Snow White" email to the persons of the same address... hence the reason why the list gets so many damned hits from it.
There are two ways to prevent this from happening:
1). Get a damned anti-virus program. You can get free ones. I use Norton. You have to pay for it but it is a quality product.
2). Don't be idiots and open emailed files. Unless it is a file that cannot contain viruses... i.e. a *.txt file, a *.jpg, etc. Only open files that are not executible (i.e. non *.bat, *.exe, *.com), non-script files (i.e. non *.vbs, *.pl, etc), or files susceptible to macro viruses (i.e. *.doc, *.xcl, etc.).
This virus is fairly innocuous, albeit annoying. If you continue to open unsigned attachments you risk a loss of data and damage to the hardware of your computer (i.e.- Chernobyl type BIOS flash viruses distributed within *.exe files). Opening attachments from individuals you know is also a risk. It is likely, given the number of people currently infected with this virus, that many of you do not use AV software. Thus, it is likely that a large chunk of shit trailing emails is inadvertently malicious. ALAWYS CHECK ALL DOWNLOADED FILES BEFORE OPENING.
Thanks,
Clune
P.S. - If you would like to read up on this virus check out:
http://www.sophos.com/virusinfo/analyses/w32hybrisc.html
W32/Hybris-C is a worm capable of updating its functionality over the internet.
It consists of a base part and a collection of upgradeable components. The components are stored within the worm body encrypted with 128-bit strong cryptography.
When run, the worm infects WSOCK32.DLL. Whenever an email is sent, the worm attempts to send a copy of itself as an attachment to a separate message to the same recipient.
Any other behaviour exhibited by the worm is entirely dependent on the set of installed components. The effects of components known to Sophos at the time of writing are described below.
The text of the email message is determined by one of the installed components, and hence can be changed by the upgrading mechanism detailed below.
Consequently the message can have any subject, any message text and any filename for the attached file.
A common component of the worm checks the language settings of the computer it has infected, and selects a message accordingly from:
English
Subject:
Snowhite and the Seven Dwarfs - The REAL story!
Message text:
polite with Snowhite. When they go out work at mornign, they promissed a *huge* surprise. Snowhite was anxious. Suddlently, the door open, and the Seven Dwarfs enter...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ndtceda.com/pipermail/edebate/attachments/20010216/3e9ae5d1/attachment.htm
More information about the Mailman
mailing list