Loading ...
Sorry, an error occurred while loading the content.

FW: Technical Staff Computer Virus Alert--SELF-PROPAGATING 911 SC RIPT

Expand Messages
  • Bell, Elizabeth
    Message 1 of 1 , Apr 3, 2000
      > -----Original Message-----
      > From: Conley, Robin
      > Sent: Monday, April 03, 2000 9:36 AM
      > To: All - NIP; All - NIP Contractors
      > Subject: FW: Technical Staff Computer Virus Alert--SELF-PROPAGATING
      > 911 SCRIPT
      > Importance: High
      > Please do not respond to this e-mail. This is all the information I have.
      > -----Original Message-----
      > From: CDC All-Hands Virus Alert
      > Sent: Monday, April 03, 2000 7:05 AM
      > To: CDC ISSO/IRMO Virus Notification; CDC LAN Administrators; Zebehazy,
      > Julius (Bud); Schmanski, Leonard
      > Subject: Technical Staff Computer Virus Alert--SELF-PROPAGATING 911
      > SCRIPT
      > Importance: High
      > From SANS:
      > At 8:00 am on Saturday, April 1 (This is not an April Fool's joke!)
      > the FBI announced it had discovered malicious code wiping out the data on
      > hard drives and dialing 911. This is a vicious virus and needs to
      > be stopped quickly. That can only be done through wide-scale
      > individual action. Please forward this note to everyone who you
      > know who might be affected.
      > The FBI Advisory is posted at http://www.nipc.gov/nipc/advis00-038.htm
      > The 911 virus is the first "Windows shares virus." Unlike recent
      > viruses that propagate though eMail, the 911 virus silently jumps
      > directly from machine to machine across the Internet by scanning
      > for, and exploiting, open Windows shares. After successfully
      > reproducing itself in other Internet-connected machines
      > (to assure its continued survival) it uses the machine's modem to
      > dial 911 and erases the local machine's hard drive. The virus is
      > operational; victims are already reporting wiped-out hard drives.
      > The virus was launched through AOL, AT&T, MCI, and NetZero in the
      > Houston area. The investigation points to relatively limited
      > distribution so far, but there are no walls in the Internet.
      > -----------------
      > Action 1: Defense
      > -----------------
      > Verify that your system and those of all your coworkers, friends, and
      > associates are not vulnerable by verifying that file sharing is
      > turned off.
      > * On a Windows 95/98 system, system-wide file sharing is managed by
      > selecting My Computer, Control Panel, Networks, and clicking on the
      > File and Print Sharing button. For folder-by-folder controls, you
      > can use Windows Explorer (Start, Programs, Windows Explorer) and
      > highlight a primary folder such as My Documents and then right mouse
      > click and select properties. There you will find a tab for sharing.
      > * On a Windows NT, check Control Panel, Server, Shares.
      > For an excellent way to instantly check system vulnerability, and for
      > detailed assistance in managing Windows file sharing, see: Shields
      > Up! A free service from Gibson Research (http://grc.com/)
      > -------------------
      > Action 2: Forensics
      > -------------------
      > If you find that you did have file sharing turned on, search your
      > hard drive for hidden directories named "chode", "foreskin", or
      > "dickhair" (we apologize for the indiscretion - but those are the
      > real directory names). These are HIDDEN directories, so you must
      > configure the Find command to show hidden directories. Under the
      > Windows Explorer menu choose View/Options: "Show All Files".
      > If you find those directories: remove them.
      > And, if you find them, and want help from law enforcement, call the
      > FBI National Infrastructure Protection Center (NIPC) Watch Office
      > at 202-323-3204/3205/3206. The FBI/NIPC has done an extraordinary
      > job of getting data out early on this virus and deserves both kudos
      > and cooperation.
      > You can help the whole community by letting both the FBI and
      > SANS (intrusion@...) know if you've been hit, so we can
      > monitor the spread of this virus.
      > --------------
      > Moving Forward
      > --------------
      > The virus detection companies received a copy of the code for the
      > 911 Virus early this morning, so keep your virus signature files
      > up-to-date.
      > We'll post new information at www.sans.org as it becomes available.
      > Prepared by:
      > Alan Paller, Research Director, The SANS Institute
      > Steve Gibson, President, Gibson Research Corporation
      > Stephen Northcutt, Director, Global Incident Analysis Center
    Your message has been successfully submitted and would be delivered to recipients shortly.