911 Virus Alert

[Guest guest]

Hi to All

 

I have just received this information in the mail from a reliable source. It

appears genuine and could pose a serious threat. The anti-virus companies

only received a copy of the code today - suggest that you download the

latest virus signature files over the next couple of days and keep your

system updated, and if you have network file sharing turned on, do as the

mail suggests and turn it off, unless this is going to cause you operating

problems on your network. If you are operating a stand-alone system, you do

not need network file sharing - it should be off.

 

If you have any technical problems or queries, please don't contact me -

contact your anti-virus software supplier.

 

I would remind everyone that any alerts that you may receive from time to

time should be forwarded to me - kundaliniyoga-owner and NOT to

the list. I only forward them to the list once I have satisfied myself that

they are not hoaxes.

 

Sat Nam!

Gordon

 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

A sharp r (thanks Toni) sent in the following alert. It

took a while to verify it at a site other than the ones mentioned in

the alert, but I finally have, and this seems genuine. One of the

things to note, is that it recommends turning off file sharing. I

have had file sharing turned off for years, but that may not work for

you if you're in a network environment an you need to have file

sharing between computers.

 

Another thing, if this were to spread, because it dials emergency 911

systems it could actually cause grave damage outside your computer.

If it were to tie up an emergency 911 system at the time there was an

emergency, someone needing emergency services could perish without

the needed help. Because of this, even though the virus hasn't

spread far yet, gives it far ranging implications. Here's the alert:

 

---------------------------

 

At 8:00 am on Saturday, April 1 (This is not an April Fool's

joke!) the FBI announced it had discovered malicious code wiping

out the data on hard drives and dialing 911. This is a vicious

virus and needs to be stopped quickly. That can only be done

through wide-scale individual action. Please forward this note

to everyone who you know who might be affected.

 

The FBI Advisory is posted at

http://www.nipc.gov/nipc/advis00-038.htm

 

The 911 virus is the first "Windows shares virus." Unlike

recent viruses that propagate though eMail, the 911 virus

silently jumps directly from machine to machine across the

Internet by scanning for, and exploiting, open Windows shares.

After successfully reproducing itself in other

Internet-connected machines (to assure its continued survival)

it uses the machine's modem to dial 911 and erases the local

machine's hard drive. The virus is operational; victims are

already reporting wiped-out hard drives.

 

The virus was launched through AOL, AT&T, MCI, and NetZero in

the Houston area. The investigation points to relatively

limited

distribution so far, but there are no walls in the Internet.

 

-----------------

Action 1: Defense

-----------------

 

Verify that your system and those of all your coworkers,

friends, and associates are not vulnerable by verifying that

file sharing is turned off.

 

* On a Windows 95/98 system, system-wide file sharing is

managed by selecting My Computer, Control Panel, Networks, and

clicking on the File and Print Sharing button. For

folder-by-folder controls, you can use Windows Explorer (Start,

Programs, Windows Explorer) and highlight a primary folder such

as My Documents and then right mouse click and select

properties. There you will find a tab for sharing.

 

* On a Windows NT, check Control Panel, Server, Shares.

 

For an excellent way to instantly check system vulnerability,

and for detailed assistance in managing Windows file sharing,

see: Shields Up! A free service from Gibson Research

(http://grc.com/)

 

-------------------

Action 2: Forensics

-------------------

 

If you find that you did have file sharing turned on, search

your hard drive for hidden directories named "chode",

"foreskin",

or "dickhair" (we apologize for the indiscretion - but those are

the real directory names). These are HIDDEN directories, so you

must configure the Find command to show hidden directories.

Under

the Windows Explorer menu choose View/Options: "Show All Files".

 

If you find those directories: remove them.

 

And, if you find them, and want help from law enforcement, call

the FBI National Infrastructure Protection Center (NIPC) Watch

Office at 202-323-3204/3205/3206. The FBI/NIPC has done an

extraordinary job of getting data out early on this virus and

deserves both kudos and cooperation.

 

You can help the whole community by letting both the FBI and

SANS (intrusion) know if you've been hit, so we can

monitor the spread of this virus.

 

 

--------------

Moving Forward

--------------

 

The virus detection companies received a copy of the code for

the 911 Virus early this morning, so keep your virus signature

files up-to-date.

 

We'll post new information at www.sans.org as it becomes

available.

 

Prepared by:

Alan Paller, Research Director, The SANS Institute

Steve Gibson, President, Gibson Research Corporation

Stephen Northcutt, Director, Global Incident Analysis Center