[COMP] New Virus Alert

December 7, 1999
_____________________________

THIS IS A VIRUS ALERT ON W95.BABYLONIA and on W32.HLLP.Soft6.

W95.Babylonia should be considered DANGEROUS!

W32.HLLP.Soft6 is of lesser risk.


Monitor the site

http://www.symantec.com/techsupp/vURL.cgi/nav25

for notice when the virus definitions have been updated and for full
details on W95.Babylonia. Updating for one will protect you from BOTH
viruses!

**** PLEASE NOTE:
SARC anticipates that the rest of 1999 will be rife with new, highly
destructive viruses. Please be aware that Symantec will continue to
post notices of the most destructive viruses so you may better
protect yourself. The best protection is to update your definitions
at least weekly, if not daily. ****

DESCRIPTION OF W95.BABYLONIA

W95.Babylonia was discovered on Dec 6, 1999. The virus was created by
a member of the 29A virus writing group. It was originally posted to
an Internet news group as a Windows Help file named serialz.hlp, and
appeared to be a list of serial numbers for commercial software. When
this Windows help file is launched, it will introduce the virus into
the computer system. Symantec AntiVirus Research Center (SARC) has
received over 20 submissions of this new virus as of Dec 6, and
believes it to be spreading rapidly worldwide.

W95.Babylonia is a very complex virus that propagates mainly to other
computer users via MIRC. MIRC is a text-based communication
application used to chat over the Internet. When an infected user
logs onto MIRC, the virus is automatically sent to everyone
within the same MIRC chat room as the infected user. The virus is
sent as a Y2K bug fix. Once this file (Y2K bug fix) is executed,
it will infect other 32-bit EXE program files as well as Windows Help
files.

The virus will try to modify the system to display the following
message when booting the infected computer:

    W95/Babylonia by Vecna (c) 1999
    Greetz to RoadKil and VirusBuster
    Big thankz to sok4ever webmaster
    Abracos pra galera brazuca!!!
    ---
    Eu boto fogo na Babilonia!

The virus will also send an email to babylonia_counter@xxxxxxxxxxx to
track infected computers.

The most interesting part of the virus is the ability to download the
viral components of the virus from the Internet. When the virus is
executed, the virus will wait for an Internet connection. When it
detects that the computer can access the Internet, it will download
several files from a web server in Japan. Because the virus has such
capability, it is possible for the virus writer to update the virus
centrally.


RECOMMENDATIONS/PROTECTION:

* Download new definitions set. This will be available late
  December 7, 1999, through Symantec's LiveUpdate feature or from the
  Symantec Web site at www.symantec.com/avcenter/download.html.


****

DESCRIPTION OF W32.HLLP.Soft6

W32.HLLP.Soft6 is a Windows NT specific worm that propagates over
Windows NT networks and displays a large message "Hi 2000!" on the
screen. This message is very large and very noticeable. SARC believes
this worm probably cannot spread to different corporations quickly
because it only spreads via network and does not spread via email.
Remember, monitor the SARC site for info on W95.Babylonia. When
updates are ready, updating for one protects you from both.
========================================
Avenir Web's Computers Mailing List

List Modes, Subscription, and General Info:
Go to http://avenir.dhs.org/mailing.html
List Archives: http://avenir.dhs.org/archives/
Administrative Contact: webmaster@xxxxxxxxxxxxxx

Get computer help: http://avenir.dhs.org
========================================