[Previous Months][Date Index][Thread Index][Join - Register][Login]
[Message Prev][Message Next][Thread Prev][Thread Next]

[IP] Virus alert



The Christmas Grinch has struck again! A number of people have gotten 
personal email messages with a file attached. If you are using Outlook 
Express as your mailer, it will capture your address book and email the 
virus out to people on your list without your knowledge. If you get unknown 
or suspicious email, the safest course of action is to delete it. Then, 
check your system for viruses.

Below is the description of the virus from the web site of one of the virus 
scanner companies. Or, see http://vil.mcafee.com/vil/wm10475.asp

Sam Skopp
One of Santa's helpers

==============================================================================
Virus Characteristics
This worm has been reported to AVERT in several countries during the week 
of December 13, 1999. The worm arrives by email and depending on if the 
email application supports HTML email body content or not, one of two 
messages is displayed.

If HTML is supported, the message content looks like this:

 >http://stuart.messagemates.com/index.html
 >
 >Hypercool Happy New Year 2000 funny programs and animations...
 >We attached our recent animation from this site in our mail ! Check it out

---------------------------------------------------------------
If the email client does not support HTML, the email message will have this 
content:

 >he, your lame client cant read HTML, haha.
 >click attachment to see some stunningly HOT stuff

The email contains an attachment of a randomly selected name from the 
following list:
baby.exe
bboy.exe
boss.exe
casper.exe
chestburst.exe
cooler1.exe
cooler3.exe
copier.exe
cupid2.exe
farter.exe
fborfw.exe
goal.exe
goal1.exe
g-zilla.exe
irngiant.exe
hog.exe
monica.exe
panther.exe
panthr.exe
party.exe
pirate.exe
s.exe
saddam.exe
theobbq.exe
video.exe

Please note that the file is not a "messagemates" game program and is not 
related to the web site listed in the email message! Messagemates.com has 
issued a notice about this also on their web site at this location: 
http://stuart.messagemates.com/notice.htm

If this worm is run, a "dummy" error message is displayed with the text:

 >The dinamic link library giface.dll could not be found in the specified path
 >(list of directory names)

The machine is then checked for the installation of MS Outlook Express. If 
found, two files are written in the c:\windows folder:

mma. - contains a listing of email addresses
mmail. - contains the directory of MS Outlook Express The list of email 
addresses is captured by checking all folders in Outlook Express.

----------------------------------------------------------
for HELP or to subscribe/unsubscribe, contact: HELP@insulin-pumpers.org
send a DONATION http://www.Insulin-Pumpers.org/donate.shtml