Loading ...
Sorry, an error occurred while loading the content.

[medieval-leather] FW: W2Knews[tm] R U S H - K I L L E R V I R U S A L E R T!

Expand Messages
  • Gregory Stapleton
    This is an EXTREEMELY dangerous, verified virus. Please take all percautions. ... From: nt-list-admin@lyris.sunbelt-software.com
    Message 1 of 1 , Apr 2, 2000
    • 0 Attachment
      This is an EXTREEMELY dangerous, verified virus. Please take all
      percautions.



      -----Original Message-----
      From: nt-list-admin@...-software.com
      [mailto:nt-list-admin@...-software.com]
      Sent: Saturday, April 01, 2000 4:35 PM
      To: Latest Win NT/2000 News
      Subject: W2Knews[tm] R U S H - K I L L E R V I R U S A L E R T!


      W2Knews[tm] (the original NTools E-News) Electronic Newsletter
      Vol. 5, #15- April 3, 2000
      Published by sunbelt-software.com since 1996 - ISSN: 1527-3407
      'Immediate Notification Of Important Windows NT/2000 Events'
      ******************* over 600,000 SUBSCRIBERS*****************

      R U S H - K I L L E R V I R U S A L E R T!

      Hi Everybody, I received this from a very reliable source (SANS)
      when 25% of the newsletter had been sent. I decided to interrupt
      the job, and resend it. I hope it arrives early enough for you.

      R U S H - K I L L E R V I R U S A L E R T!

      At 8:00 am on Saturday, April 1 (This is not an April Fool's joke!)
      the FBI announced it had discovered malicious code wiping out the data
      on hard drives and dialing 911. This is a vicious virus and needs to
      be stopped quickly. That can only be done through wide-scale individual
      action. Please forward this note to everyone who you know who might
      be affected.

      The FBI Advisory is posted at http://www.nipc.gov/nipc/advis00-038.htm

      The 911 virus is the first "Windows shares virus." Unlike recent
      viruses that propagate though eMail, the 911 virus silently jumps
      directly from machine to machine across the Internet by scanning
      for, and exploiting, open Windows shares. After successfully
      reproducing itself in other Internet-connected machines
      (to assure its continued survival) it uses the machine's modem to
      dial 911 and erases the local machine's hard drive. The virus is
      operational; victims are already reporting wiped-out hard drives.
      The virus was launched through AOL, AT&T, MCI, and NetZero in the
      Houston area. The investigation points to relatively limited
      distribution so far, but there are no walls in the Internet.

      -----------------
      Action 1: Defense
      -----------------
      Verify that your system and those of all your coworkers, friends, and
      associates are not vulnerable by verifying that file sharing is
      turned off.

      * On a Windows 95/98 system, system-wide file sharing is managed by
      selecting My Computer, Control Panel, Networks, and clicking on the
      File and Print Sharing button. For folder-by-folder controls, you
      can use Windows Explorer (Start, Programs, Windows Explorer) and
      highlight a primary folder such as My Documents and then right mouse
      click and select properties. There you will find a tab for sharing.

      * On a Windows NT, check Control Panel, Server, Shares.

      For an excellent way to instantly check system vulnerability, and for
      detailed assistance in managing Windows file sharing, see: Shields
      Up! A free service from Gibson Research (http://grc.com/)

      -------------------
      Action 2: Forensics
      -------------------
      If you find that you did have file sharing turned on, search your
      hard drive for hidden directories named "chode", "foreskin", or
      "dickhair" (we apologize for the indiscretion - but those are the
      real directory names). These are HIDDEN directories, so you must
      configure the Find command to show hidden directories. Under the
      Windows Explorer menu choose View/Options: "Show All Files".

      If you find those directories: remove them.

      And, if you find them, and want help from law enforcement, call the
      FBI National Infrastructure Protection Center (NIPC) Watch Office
      at 202-323-3204/3205/3206. The FBI/NIPC has done an extraordinary
      job of getting data out early on this virus and deserves both kudos
      and cooperation.

      You can help the whole community by letting both the FBI and
      SANS (intrusion@...) know if you've been hit, so we can
      monitor the spread of this virus.

      --------------
      Moving Forward
      --------------
      The virus detection companies received a copy of the code for the
      911 Virus early this morning, so keep your virus signature files
      up-to-date. We'll post new information at www.sans.org as it
      becomes available.

      Prepared by:
      Alan Paller, Research Director, The SANS Institute
      Steve Gibson, President, Gibson Research Corporation
      Stephen Northcutt, Director, Global Incident Analysis Center
    Your message has been successfully submitted and would be delivered to recipients shortly.