From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Wed, 5 Dec 2001 07:16:55 -0800 (PST)
Subject: [iwar] [fc:"Pentagone".virus.spreads.rapidly]
Message-Id: <200112051516.fB5FGth01909@red.all.net>
Reply-To: iwar@yahoogroups.com

"Pentagone" virus spreads rapidly

By Robert Lemos
Staff Writer, CNET News.com
December 4, 2001, 10:50 a.m. PT

A mass-mailing e-mail worm started to spread quickly Tuesday, prompting anti-virus software makers to advise their customers to upgrade their virus definitions.

Dubbed Pentagone, Goner or Gone, the Visual Basic Script program spreads via e-mail and the messaging system ICQ. On infected computers, it stops most anti-virus and security programs.

"We are kind of seeing it follow the sun at the moment," said Mark Sunner, chief technology officer for e-mail service provider MessageLabs. "It has been waiting in in-trays of people coming into work."

MessageLabs has captured more than 16,000 e-mails containing copies of the worm, said Sunner, adding that the rate, now at about 100 messages per minute, is increasing.

The worm arrives in a message with the subject "Hi" and the following text in the body of the e-mail:

How are you ? When I saw this screensaver, I immediately thought about you I am in a harry, I promise you will love it!

Attached to the message is what appears to be a screensaver file, Gone.scr, a compressed copy of the worm.

When the file is opened, Pentagone will infect the victim's PC, stopping a variety of anti-virus and security applications and deleting all the files in the folders containing those applications. Kaspersky Labs AVP, Zone Labs' ZoneAlarm, and Internet Security Systems' Black Ice are among the programs affected.

After eliminating the security on the computer, the worm then installs a backdoor program linked to mIRC, a popular Internet Relay Chat program. The backdoor can be used to execute denial-of-service attacks against IRC servers. In addition, the virus also attempts to spread using e-mail and ICQ.

Anti-virus software makers have been inundated with calls from customers who have been infected or seen copies of the worm.

"It is extremely widespread," said April Goostree, virus research manager for McAfee.com. "We are seeing both corporate and home users being hit. We consider it an outbreak because of how fast it's spreading in so short a period."

Rival Trend Micro has had about 22 corporate customers complain about the virus and has given it a high threat rating.

David Perry, global director of education for TrendMicro, has decided that computer users may never be security-conscious enough to avoid getting infected.

"Every time enough time goes by that people forget to be wary of these things, it pops up again," he said. "Apparently, we have to resign ourselves to the fact that education doesn't work."

Pentagone isn't the only virus spreading significantly. Variants of the Nimda virus and a variant of the BadTrans virus are topping virus charts this month.
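The message traits reported in the article (subject "Hi", the screensaver lure text, the Gone.scr attachment) can be turned into a mail-gateway check. The following is an added example, not part of the original post or the CNET article; it generalizes to any .scr attachment, and the verdict names, helper functions and sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators as reported in the article above.
SUBJECT = "hi"
ATTACHMENT = "gone.scr"
BODY_PHRASE = "when i saw this screensaver"


def attachment_names(msg):
    """Lower-cased filename of every MIME part that declares one."""
    return [n.strip().lower() for n in (p.get_filename() for p in msg.walk()) if n]


def classify(raw):
    """Return (verdict, reasons) for one raw RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    names = attachment_names(msg)
    body = msg.get_body(preferencelist=("plain",))
    text = " ".join(body.get_content().lower().split()) if body else ""
    reasons = []
    if ATTACHMENT in names:
        reasons.append("attachment-name")
    if any(n.endswith(".scr") for n in names):
        reasons.append("scr-attachment")
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        reasons.append("subject")
    if BODY_PHRASE in text:
        reasons.append("body-phrase")
    # A screensaver (executable) attachment is enough to block on its own.
    # "Hi" is far too common a subject to act on without the body phrase.
    if "scr-attachment" in reasons:
        return "block", reasons
    if "subject" in reasons and "body-phrase" in reasons:
        return "review", reasons
    return "pass", reasons


def sample(subject, body, attachment=None):
    """Build a constructed test message (placeholder bytes, not malware)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


# Lure text as quoted in the article; original line breaks are not known.
LURE = ("How are you ? When I saw this screensaver, I immediately thought "
        "about you I am in a harry, I promise you will love it!")
```

Matching on the attachment type rather than the exact filename keeps the rule effective if the attachment is renamed, while the subject alone never triggers a verdict.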
This archive was generated by hypermail 2.1.2 : 2001-12-31 21:00:00 PST