-Caveat Lector- *** ... far and wide. *** E-mail Virus Set for New Year's Day Bug Expected to Duplicate, Erase Hard Drives Dec. 3, 1999 By David Noack CUPERTINO, Calif. (APBnews.com) -- A destructive new e-mail virus, which is designed to erase all the data on a computer's hard drive, is set for New Year's Day, computer experts warn. The virus, dubbed W32.Mypics.Worm, which was discovered Thursday, affects Windows 95, Windows 98 and Windows NT systems and has a destructive payload that triggers at midnight Dec. 31. "Computer Associates has identified this worm as having been specifically designed to cause significant damage in the year 2000," said Simon Perry, the company's eTrust business manager. "As the year 2000 quickly approaches, we are starting to see an increased frequency of dangerous viruses." Appears to have stopped working Experts said the worm spreads by automatically sending itself to as many as 50 people in the Outlook e-mail address book. The subject line is empty, and the body of the e-mail reads, "Here's some pictures for you!" The e-mail will also contain a worm program attachment named pics4you.exe (34,304 bytes). It attempts to trick the user into believing that the attachment contains images. When the attachment is opened, the program will not display any images and simply seems to have stopped working. However, the worm will become housed in memory and will e-mail itself to as many as 50 people. The worm will also adjust the home page setting of the Microsoft Internet Explorer browser to a personal Web site at geocities.com, which experts say may then link to an adult site. Initial problem can be corrected The Windows registry will also be modified and changed to load the worm in memory every time the computer system is rebooted. As a result, the worm will always be present in the computer. The worm carries two payloads that mimic a Y2K problem. First, the worm monitors the system clock and when it detects the year is 2000, the worm will modify the system BIOS. On the next reboot, the computer will display a message such as "CMOS Checksum Invalid" and prevent the computer from booting. But this problem supposedly can be corrected by going into the BIOS setup. Worm is 'in the wild' After the BIOS settings are corrected, the worm will execute its second payload and will format the hard drive. Computer security experts have classified the virus as a moderate to high risk and have posted software on their Web sites to prevent users from catching the malicious code. The virus, say the experts, is "in the wild," meaning that it can be sent to unsuspecting computer users. Perry said it's important for computer users to visit their anti-virus vendor sites and ensure that their anti-virus software is up-to-date in order to remain safe from attack. David Noack is an APBnews.com staff writer ([EMAIL PROTECTED]). ©Copyright 1999 APB Multimedia Inc. All rights reserved. http://www.apbnews.com/newscenter/internetcrime/1999/12/03/y2kvirus1203_01.html Bard DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance—not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om