[iwar] [fc:Experts.Warn.of.Christmas.Computer.Worm]

• Next message: Fred Cohen: "[iwar] [fc:More.on.Arafat's.Trick.Peace.Initiative]"
• Previous message: Fred Cohen: "[iwar] [fc:*MAJOR.SECURITY.BREACH.AT.CCBILL**]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Return-Path: <sentto-279987-4111-1008826003-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 19 Dec 2001 21:30:08 -0800 (PST)
Received: (qmail 23023 invoked by uid 510); 20 Dec 2001 05:27:09 -0000
Received: from n10.groups.yahoo.com (216.115.96.60) by all.net with SMTP; 20 Dec 2001 05:27:09 -0000
X-eGroups-Return: sentto-279987-4111-1008826003-fc=all.net@returns.groups.yahoo.com
Received: from [216.115.97.187] by n10.groups.yahoo.com with NNFMP; 20 Dec 2001 05:26:43 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_1_3); 20 Dec 2001 05:26:43 -0000
Received: (qmail 83878 invoked from network); 20 Dec 2001 05:26:42 -0000
Received: from unknown (216.115.97.167) by m6.grp.snv.yahoo.com with QMQP; 20 Dec 2001 05:26:42 -0000
Received: from unknown (HELO red.all.net) (12.232.125.69) by mta1.grp.snv.yahoo.com with SMTP; 20 Dec 2001 05:26:42 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fBK5Rt730583 for iwar@onelist.com; Wed, 19 Dec 2001 21:27:55 -0800
Message-Id: <200112200527.fBK5Rt730583@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 19 Dec 2001 21:27:55 -0800 (PST)
Subject: [iwar] [fc:Experts.Warn.of.Christmas.Computer.Worm]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Wednesday December 19 07:13 PM EST 

Experts Warn of Christmas Computer Worm

By Paul Eng ABCNEWS.com

Computer security experts warn 'Zacker,' a new holiday-themed computer
virus is winding its way through the Internet.
    
Computer security experts warn a new holiday-themed computer virus is
winding its way through the Internet today.

The worm, known by several names including W32.Zacker.C and
W32.Maldal.C, is similar to the recent Goner worm in that it attacks
computers that run Microsoft's Windows operating systems and Microsoft's
Outlook e-mail program.

The new worm arrives in an e-mail with the subject line of "Happy New
Year." The body of the message says: "Hii [sic] I can't describe my
feelings. But all i [sic] can say is Happy New Year :) bye."

Attached to the e-mail is a file called "Christmas.exe" which contains
the malicious computer programming. When an unsuspecting recipient opens
the file, the computer displays a holiday greeting showing Santa Claus
and a message that says: "From the heart, Happy new year [sic]!"

As the PC shows the electronic greeting, security experts say the worm
sends copies of itself to all the e-mail addresses stored in the
now-infected computer's Outlook program. The worm will then begin to
delete files - including any anti-virus programs and possibly critical
Windows components - from the computer's hard drive and install
instructions to spread the worm every time the computer is restarted.

The worm also appears to spread through instant chat programs such as
Microsoft's Messenger.


Will It Ruin Christmas? 

Computer security experts don't yet know who crafted the malicious worm
- or even if it will reach outbreak proportions of previous worms such
as Nimda or Code Red. 

Ian Hameroff, director of anti-virus solutions at Computer Associates,
says the company has rated the threat as a medium- to high-risk threat.
"We received several reports across Europe where several thousand
computers have been infected," says Hameroff.

But April Goosetree of anti-virus maker McAfee.com said the company
hasn't heard of any massive outbreak of the worm today either. The
company rates the Zacker worm as a low-level threat.

Still, experts agree that the worm does have potential to rapidly spread
given its apparently benign holiday greeting. "If this is spreading,
it's because of the social aspect - because the file is named
'Christmas,' " says Jerry Freese, director of intelligence for Vigilinx,
a computer security firm. 

Most anti-virus software makers have already developed and released
updates to their security programs to detect and remove the new worm.

Security experts advise users to update their anti-virus programs with
these latest fixes to guard against the new worm. They also stress that
suspicious files sent by e-mail shouldn't be opened without first
checking with the sender.

"People are expecting holiday greetings [via e-mail]," says Computer
Associates' Hameroff. "But this is one holiday gift that you won't like
and you definitely won't be able to return it once it's opened." 

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Send FREE Holiday eCards from Yahoo! Greetings.
http://us.click.yahoo.com/IgTaHA/ZQdDAA/ySSFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

• Next message: Fred Cohen: "[iwar] [fc:More.on.Arafat's.Trick.Peace.Initiative]"
• Previous message: Fred Cohen: "[iwar] [fc:*MAJOR.SECURITY.BREACH.AT.CCBILL**]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : 2001-12-31 21:00:00 PST