[COMP] Heads Up...Another Virus!!!

  • From: CRAZYDOVE@xxxxxxx
  • To: CRAZYDOVE@xxxxxxx
  • Date: Sat, 4 Dec 1999 09:20:29 EST

** NORTON ANTIVIRUS EMERGENCY NEWS BULLETIN - VIRUS ALERT! **
=============================================================

December 3, 1999
_____________________________

WARNING! New Y2K virus spreads through email!

W32.Mypics.Worm is a new, destructive Y2K worm virus. It comes into
your system as an email attachment disguised as a picture. The worm
propagates automatically on Windows 9x and Windows NT platforms and
has a destructive payload that triggers in the year 2000. It also
changes the Home page in Internet Explorer to a site containing adult
content.

*** THIS VIRUS SHOULD BE CONSIDERED DANGEROUS!

Do NOT open an email attachment named Pics4You.exe. ***

To ensure that your system is protected against this new virus, you
must update your detection definitions.

*** Monitor the site

http://www.symantec.com/techsupp/vURL.cgi/nav23

for notice when the virus definitions have been updated and for full
details on this destructive virus. ***

W32/MYPICS.WORM Y2K VIRUS DESCRIPTION:

*       A new, destructive Y2K virus has been discovered that disguises
itself as a Y2K problem.  W32/Mypics.worm is a computer worm that is
received as an email attachment disguised as a picture.

*       Once it infects the host computer it attempts to send itself
using Microsoft Outlook to up to 50 people in the users' Microsoft
Outlook address book. It also changes the Home page in Internet
Explorer to a site containing adult content.

*       Additionally, on Jan. 1, 2000, the worm will overwrite the
checksum data in the host computer's CMOS memory so when the system
is rebooted the user will think that there may be a Y2K related
problem with the computer's BIOS.  Once the computer is restarted the
virus will attempt to format the local hard drives and erase all data.

CHARACTERISTICS OF INFECTION:

*       W32/Mypics.worm arrives in an e-mail, with no subject line. The
body of the message reads, "Here's some pictures for you!"  The
e-mail message contains a "Pics4You.exe" attachment that is
approximately 34,304 bytes in size.

*       Once the user opens the attachment, the worm loads itself into
memory and executes by sending out copies of itself attached to
e-mails addressed to up to 50 people in the user's address list.

*       In addition, it modifies the system registry to load its dropped
file "cbios.com" on system startup and also changes the user's home
page in Internet Explorer to

http://www.geocities.com/SiliconValley/Vista/8279/index.html

a site that contains some adult content.

*       On Jan. 1, 2000 or on any day during the year 2000, the worm
writes to the computer's CMOS memory to invalidate the system
integrity or checksum data. The next time the system is rebooted, the
user will be warned that the "CMOS checksum is invalid," making the
user believe that it is a Y2K problem, not a computer worm.  After
validating the CMOS data the computer will continue to boot and if
the file "cbios.com" is located in the root directory of the C drive,
the virus will silently load itself and then completely reformat the
D: and C: local hard drives.

VIRUS RATING:

Medium/High Risk


RECOMMENDATIONS/PROTECTION:

*       Do not attempt to open the attached document.

*       Download new definitions set. This will be available late
December 3, 1999, through Symantec's LiveUpdate feature or from the
Symantec Web site at www.symantec.com/avcenter/download.html. Update
virus anti-virus software to ensure protection against both variants.
========================================
Avenir Web's Computers Mailing List

List Modes, Subscription, and General Info:
Go to http://avenir.dhs.org/mailing.html
List Archives: http://avenir.dhs.org/archives/
Administrative Contact: webmaster@xxxxxxxxxxxxxx

Get computer help: http://avenir.dhs.org
========================================
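
The message-level indicators listed under CHARACTERISTICS OF INFECTION (no subject line, the quoted body text, the attachment name and its approximate size) can be checked mechanically on stored or gateway mail. The following is an added example, not part of the bulletin or the original post; the function names, the 512-byte size tolerance and the sample messages are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the bulletin above.
ATTACHMENT_NAME = "pics4you.exe"
ATTACHMENT_SIZE = 34304                 # "approximately 34,304 bytes"
SIZE_TOLERANCE = 512                    # assumption: slack for "approximately"
BODY_PHRASE = "some pictures for you"   # fragment that avoids the apostrophe

def match_indicators(raw: bytes) -> list:
    """Return the bulletin indicators matched by one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if not (msg["Subject"] or "").strip():
        hits.append("no-subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_PHRASE in body.get_content().lower():
        hits.append("body-phrase")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower() != ATTACHMENT_NAME:
            continue
        hits.append("attachment-name")
        payload = part.get_payload(decode=True) or b""
        if abs(len(payload) - ATTACHMENT_SIZE) <= SIZE_TOLERANCE:
            hits.append("attachment-size")
    return hits

def build_sample(subject, body, filename, size) -> bytes:
    """Constructed test message; the attachment is filler bytes only."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "rcpt@example.com"
    if subject:
        m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = {
        "matches bulletin": build_sample("", "Here's some pictures for you!", "Pics4You.exe", 34304),
        "ordinary mail": build_sample("Holiday photos", "See attached.", "photos.zip", 2048),
    }
    for label, raw in samples.items():
        print(label, "->", match_indicators(raw))
```

Each indicator is reported separately so that a message matching only the weaker ones (no subject, body phrase) can be queued for review rather than blocked outright.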
