Folks:
I saw a lot of lists passing HAPPY 99 around. Here is a verified
Virus warning just out of the DOD.
Please note references at the end of the message.
Kelvin.
: A new malicious program, which first surfaced in France in late May,
: spread across most of Europe during the weekend of 5/6 June.
: "PrettyPark" should begin spreading on this side of the Atlantic
: in the next few days.
: WHAT'S AFFECTED: Win 95/98/NT
: Malicious Code Name: PrettyPark.Worm
: Aliases: Trojan Horse, W32.PrettyPark
: Characteristics: Trojan Horse, Worm
: WHAT THE TROJAN PROGRAM DOES:
:
: > Attempts to e-mail itself to addressees stored in a user's address
: book every 30 minutes.
:
: > Attempts to establish a communication link through an Internet Relay
: Chat (IRC) channel every 30 seconds, where the compromised PC's data
: could be retrieved covertly.
: DESCRIPTION:
:
: This worm program was originally spread by email from a French email
: address. The attached program file is named "PrettyPark.EXE", and when
: executed, usually displays the Windows 3D pipe screen saver program.
: NOTE: User has to execute the attachment to activate the Trojan.
:
: EVIDENCE OF INFECTION:
:
: > Look in folder \WINDOWS\SYSTEM for file "FILES32.VXD".
: > Examine Registry Key:
: HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
: Infected Key has a value of: > FILES32.VXD "%1" %* <
: Uninfected Key value is: > "%1" %* <
: (Note: >,< used to define data field content)
:
: WHAT DETECTS IT:
:
: > Symantec Norton Antivirus Signature file dated 1 Jun 99 or later
: > Network Associates special Extra.DAT file (refer to McAfee Reference)
: MANUAL WORM REMOVAL PROCEDURE:
:
: 1. Delete WINDOWS\SYSTEM\FILES32.VXD
: 2. Modify following Registry Key:
: HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
:
: from: > FILES32.VXD "%1" %* <
: to: > "%1" %* <
:
: (Note: >,< used to define data field contents)
:
: 3. Delete "Pretty Park.EXE" file (wherever saved).
: 4. Reboot computer.
*************************************************
: E-Mail Guidelines
:
: 1. E-mail is not a reliable software distribution method. Nor can you
: trust that e-mail you got was really sent by a friend/relative/coworker.
: Therefore:
: If you weren't expecting e-mail with an attachment, delete it.
:
: 2. Home users should buy software from legitimate sources or download it
: directly from vendor's web site.
:
: 3. TRUST NO EMAIL ATTACHMENT.
:
:
: REFERENCES:
:
: Symantec: http://www.sarc.com/avcenter/venc/data/prettypark.worm.html
:
: McAfee:
: http://www.avertlabs.com/public/datafiles/valerts/vinfo/va10184.asp
:
: ZdNet: http://www.zdnet.com/zdnn/stories/news/0,4586,2271326,00.html
:
:
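Added example, not part of the original message or advisory: a Python check for the two infection indicators listed under EVIDENCE OF INFECTION. It assumes the registry key has been saved as a REGEDIT4-format text export and that a file listing of \WINDOWS\SYSTEM is available; the sample exports and function names are constructed for illustration. It goes slightly beyond the advisory by also flagging any other non-default exefile handler as "modified".

```python
import re

# Key, clean value and file name are the ones given in the advisory.
EXE_HANDLER_KEY = r"HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command"
CLEAN_VALUE = '"%1" %*'
WORM_FILE = "FILES32.VXD"

# Constructed sample exports (REGEDIT4 escapes quotes and backslashes in strings).
CLEAN_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''
INFECTED_EXPORT = CLEAN_EXPORT.replace(r'@="\"%1\"', r'@="FILES32.VXD \"%1\"')


def default_values(reg_text):
    """Map each key (lower-cased) in a REGEDIT4 export to its default (@) value."""
    values, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # Undo REGEDIT4 escaping: \" -> " and \\ -> \
            values[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return values


def check_exe_handler(reg_text):
    """Return (status, value): 'clean', 'prettypark', 'modified' or 'missing'."""
    value = default_values(reg_text).get(EXE_HANDLER_KEY.lower())
    if value is None:
        return "missing", None
    if value == CLEAN_VALUE:
        return "clean", value
    if WORM_FILE.lower() in value.lower():
        return "prettypark", value
    return "modified", value  # some other program is wrapping every .exe launch


def worm_file_present(system_dir_listing):
    """True if FILES32.VXD appears (any case) in a listing of \\WINDOWS\\SYSTEM."""
    return any(name.strip().lower() == WORM_FILE.lower() for name in system_dir_listing)


if __name__ == "__main__":
    for label, export in (("clean", CLEAN_EXPORT), ("infected", INFECTED_EXPORT)):
        print(label, check_exe_handler(export))
```

A "modified" result means the handler is neither the clean value nor the PrettyPark one and should be reviewed by hand before it is changed.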