-Caveat Lector-
*** ... far and wide. ***
E-mail Virus Set for New Year's Day
Bug Expected to Duplicate, Erase Hard Drives
Dec. 3, 1999
By David Noack
CUPERTINO, Calif. (APBnews.com) -- A
destructive new e-mail virus,
which is designed to erase all the data on a
computer's hard drive, is set
for New Year's Day, computer experts warn.
The virus, dubbed W32.Mypics.Worm, which was
discovered Thursday,
affects Windows 95, Windows 98 and Windows NT
systems and has a
destructive payload that triggers at midnight
Dec. 31.
"Computer Associates has identified this worm
as having been specifically
designed to cause significant damage in the
year 2000," said Simon Perry,
the company's eTrust business manager. "As the
year 2000 quickly
approaches, we are starting to see an increased
frequency of dangerous
viruses."
Appears to have stopped working
Experts said the worm spreads by
automatically sending itself to as many as 50
people in the Outlook e-mail address book.
The subject line is empty, and the body of the
e-mail reads, "Here's some pictures for you!"
The e-mail will also contain a worm program
attachment named pics4you.exe (34,304
bytes).
It attempts to trick the user into believing
that
the attachment contains images. When the
attachment is opened, the program will not
display any images and simply seems to have
stopped working.
However, the worm will become housed in memory
and will e-mail itself to
as many as 50 people. The worm will also adjust
the home page setting of
the Microsoft Internet Explorer browser to a
personal Web site at
geocities.com, which experts say may then link
to an adult site.
Initial problem can be corrected
The Windows registry will also be modified and
changed to load the worm
in memory every time the computer system is
rebooted. As a result, the
worm will always be present in the computer.
The worm carries two payloads that mimic a Y2K
problem.
First, the worm monitors the system clock and
when it detects the year is
2000, the worm will modify the system BIOS. On
the next reboot, the
computer will display a message such as "CMOS
Checksum Invalid" and
prevent the computer from booting.
But this problem supposedly can be corrected by
going into the BIOS
setup.
Worm is 'in the wild'
After the BIOS settings are corrected, the worm
will execute its second
payload and will format the hard drive.
Computer security experts have classified the
virus as a moderate to high
risk and have posted software on their Web
sites to prevent users from
catching the malicious code. The virus, say the
experts, is "in the wild,"
meaning that it can be sent to unsuspecting
computer users.
Perry said it's important for computer users to
visit their anti-virus vendor
sites and ensure that their anti-virus software
is up-to-date in order to
remain safe from attack.
David Noack is an APBnews.com staff writer
([EMAIL PROTECTED]).
©Copyright 1999 APB Multimedia
Inc. All rights reserved.
http://www.apbnews.com/newscenter/internetcrime/1999/12/03/y2kvirus1203_01.html
Bard
DECLARATION & DISCLAIMER
==========
CTRL is a discussion and informational exchange list. Proselyzting propagandic
screeds are not allowed. Substance—not soapboxing! These are sordid matters
and 'conspiracy theory', with its many half-truths, misdirections and outright
frauds is used politically by different groups with major and minor effects
spread throughout the spectrum of time and thought. That being said, CTRL
gives no endorsement to the validity of posts, and always suggests to readers;
be wary of what you read. CTRL gives no credeence to Holocaust denial and
nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://home.ease.lsoft.com/archives/CTRL.html
http:[EMAIL PROTECTED]/
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
