SpicaBooks.Com/Computers_Virus.html

8 Jun 04

 
 

New worm packs double punch

by Lisa M. Bowman, ZDNet News, December 3, 1999

Anti-virus companies are scrambling to fix a potentially malicious worm masquerading as a Y2K glitch that packs a double-punch.

The W32/Mypics.worm comes in an e-mail without a subject line and contains a message that reads "Here's some pictures for you!" At first, the worm acts like Melissa, immediately sending itself to as many as 50 listings in a user's Outlook address book. The mass-mailing will not be triggered if the virus recipient doesn't use Outlook.

But the e-mail also contains an executable attachment, labeled Pics4You.exe, which infects the user's PC with the worm if it is opened. Once it has been opened, the worm also overwrites part of the hard drive of the infected PC on Jan. 1, 2000. If that PC is rebooted anytime after the New Year, the worm has the potential to completely reformat the hard drive, causing a loss of data. The glitch will try to disguise itself as a Y2K problem.

The worm also changes the home page of Internet Explorer users to a Geocities (NASDAQ:GCTY) Web page containing a visitor counter and the words "Dave's Web Page: Brought to You By the Cave!" The site also contains a link to adult content.

5,000 visitors to Dave's Web Page

It's unclear whether the creator of the Web page is related to the worm's distribution or creation, according to anti-virus researchers. As of Thursday night, the site had logged more than 3,000 visitors. That number had increased to more than 5,000 Friday morning. Some of those hits may come from people affected by Mypics, but others could be from people who've heard about the worm and are merely curious.


Researchers at Symantec Corp.'s (NASDAQ:SYMC) AntiVirus Research Center said they will have new software to combat the worm on their site sometime Friday. Marian Merritt, a group product manager for Symantec's Norton AntiVirus software, said researchers had rated the worm a medium risk.


"We didn't want people to run around and get hysterical," she said. However, she said MyPics could be upgraded to a higher risk category as the company gets more reports of it. Merritt also called MyPics the "scariest" Y2K-related worm or virus she's seen so far.


In recent months, researchers have discovered several other viruses created to take advantage of the date change. Trojan.polyglot was sent out in September, purporting to be a Microsoft Corp. e-mail touting a Y2K fix. If a person installed the virus, it could steal information from their computer. However, there have been few reports of it.


But people have seen worm.fix200, which comes with an e-mail containing the subject line "Internet problem year 2000" and a message in Spanish urging people to update their Y2K software. An attachment in the e-mail could overwrite a user's hard drive.


Still, Carey Nachenberg, Chief Researcher at Symantec's AntiVirus Research Center, said he hasn't seen as many Y2K-inspired viruses and worms as he expected. "There's been very little activity," he said. "People have been very calm."

 
 

New, fast-spreading email virus found


A virulent new kind of computer virus triggered simply by opening an infected email message has been discovered. The virus, dubbed "Bubbleboy," strikes a Seinfeld theme, changing the registered owner of the victim's computer to "Bubbleboy," a reference to an episode of the former popular TV show. There are other references to the show in the program: Users' company information is changed to "Vandelay Industries," and "Soup Nazi" also appears in the source code. It appears in mailboxes with the subject line "Bubbleboy is back." The new virus requires that a user be running Microsoft's Outlook email program, Windows 95, 98, or 2000, and Internet Explorer 5.0 or higher. It targets a security hole for which Microsoft has already created a fix, but which many users still have yet to use, researchers say.


The URL for the download: (if the first one does not work, try the others)

* download.cnet.com/downloads/0-10058-101-915101.html

* download.cnet.com/

* cnet.com/


Script.typlib and Eyedog Security Update for IE
Description

This patch eliminates two security vulnerabilities in Internet Explorer 4.0 and 5.0. The patch will also protect Outlook users from the Bubbleboy virus. This issue involves two ActiveX controls, scriptlet.typelib and Eyedog.


The net effect of the vulnerabilities is that a Web page could be used to take unauthorized action against a person who visited that page. Specifically, a person would be able to use the Web page to do anything on the visitor's computer that the visitor could do.


Company: Microsoft Corp.
Release date: August 31, 1999
File size: 108K
Approx. download time: less than 1 min. at 28.8 kbps
Downloads: 180,896
License: Free
Minimum requirements: Windows 95/98/NT 4.0 (x86), Internet Explorer 4.0 or 5.0.


While you are at Cnet.com, check out the other free and shareware programs - there are many, including fun ones!


As long as we are on the topic of viruses, keep the following in your files and send it to those people who spread those annoying hoaxes around the Net.


Viruses and Hoaxes


There are a surprising number of false viruses and hoax messages that get circulated through e-mail. If you receive one of these messages be sure and check to see if it is real or a hoax by visiting one of the many websites for that purpose. Do not proliferate yet more email of this type without first checking the validity. It's a good idea to protect yourself with antivirus software too.


The following sites have good information on new and existing viruses (including hoaxes):

Learn the truth behind those mischievous warnings that people email you.


* www.cnb.uam.es/~dio/Informacion/direcciones_internet/

CIAC%20Internet%20Hoaxes.html


USA Dept. of Energy Computer Incident Advisory Capability (CIAC)... be sure the URL address is all on one line - copy and paste twice...


Urban Myths and Legends on the Internet

* urbanlegends.miningco.com/library/blhoax.htm


Virus Myths

* www.antivirus.com/vinfo/virusencyclo/default.asp

* www.kumite.com/myths/

* www.symantec.com/avcentre/

* www.mcaffee.com/

* www.drsolomon.com/vircen/


You can also go to profusion.com (or another multi-search engine) and enter "internet hoaxes".

~ ~ ~

Dear Member,

Thank you for reporting the hyperlink you received. We will review your report and take appropriate action.


Hyperlinks often lead to web pages, and it is possible for you to download a virus from a web page. Viruses can be encrypted into the web page, which your computer automatically downloads when you view the page. Therefore it is advisable NEVER to click on hyperlinks from someone you do not know and trust.


If you are using the 4.0 version of AOL, you may view a hyperlink's location by placing your cursor over the hyperlink. A yellow bar will appear giving the hyperlink's internet address, or will inform you that the hyperlink is linked to an AOL site. You may download a preview version of AOL 4.0 for Windows at keyword <A HREF="aol://1722:aol%204.0">PREVIEW</A>.

You may set "Web Preferences" to block yourself from visiting web pages with encrypted viruses, or to alert you that you are entering a secured or unsecured web page. To set Web Preferences, go to keyword <A HREF="aol://4344:1225.mymain.6935573.560703915">PREFERENCES</A>. Click on "Preferences Guide", then on "The Web." After reading the information, click on "Set up Now," then select the "Security" tab on the next screen. For 4.0 users, click on the "Safety Level" button, and choose the "High" level security option. For 3.0 users, make sure that you "check off" the various appropriate boxes to alert you about the different web sites you may visit.

In the future, if you receive a hyperlink via Instant Message which you wish to report, please click on the "NOTIFY AOL" button on the bottom of the Instant Message screen. Follow the directions for filling out the pop-up form that appears on your screen, then click on "Send Report."

If you receive a hyperlink you wish to report via email from an AOL member, please forward the email using the "forward" icon to the screen name: TOSEMail1. If you receive a hyperlink from an Internet user, please forward the mail to the postmaster on the sender's server.


You may block or allow IMs from specific members at keyword <A HREF="aol://1722:buddy">BUDDY</A>. Click on "Privacy Preferences" and customize your IM needs using the options listed. Please note, you must choose to apply your preferences to both your "Buddy List and Instant Message" features, and the preferences you set for your IMs will also apply to your Buddy Chat Invitations. You may block yourself from appearing on other members' Buddy Lists in the same area. When you are finished setting your preferences, click on "Save."


You can block mail at keyword <A HREF="aol://4344:1204.MAILcont.9387123.569864034">MAIL CONTROLS</A> - you must be signed on with the master account screen name. At keyword <A HREF="aol://4344:1204.MAILcont.9387123.569864034">MAIL CONTROLS</A> you may block mail from particular screen names, block mail entirely or selectively from the internet, or choose from several other options that are listed for you.

Please visit keyword <A HREF="aol://4344:2452.wachmain.26152392.564941300">NEIGHBORHOOD WATCH</A> and keyword <A HREF="aol://4344:1260.victop.10031413.570456291">VIRUS</A> for more information on account security. Thank you again for reporting this information to us.


Please note, this screen name cannot accept replies. Therefore, if you have any comments or questions please send mail to <A HREF="mailto:TOSGeneral">TOSGeneral</A>.

Regards,
Carlos - Community Action Team - America Online, Inc.
