FW: Virus Alert: FBI Finds 911 Virus Wiping Out Hard Drives Today

This WebDNA talk-list message is from

2000

It keeps the original formatting. numero = 29860
interpreted = N
texte = How true is the below?APC Net, Inc. - sales@apcn.net - www.apcn.net4471 NW 36 St. #110 - Miami Springs, FL 33166 Web Hosting,Web Design & Internet Services-----Original Message-----From: John - JTC [mailto:John@JTConsultants.com]Sent: Saturday, April 01, 2000 9:42 PMTo: Vince MedinaSubject: FW: Virus Alert: FBI Finds 911 Virus Wiping Out Hard DrivesToday-----Original Message-----From: Derek Dickson [mailto:dickson@wo.net]Sent: Saturday, April 01, 2000 8:59 PMTo: NT System Admin IssuesCc: TIDA; NT System Admin Issues; Jordan, Chris; Andrew MorrowSubject: FW: Virus Alert: FBI Finds 911 Virus Wiping Out Hard DrivesToday-----Original Message-----From: The SANS Institute [mailto:sans@sans.org]Sent: Saturday, April 01, 2000 5:14 PMTo: Derek Dickson (SD448143)Subject: Virus Alert: FBI Finds 911 Virus Wiping Out Hard Drives TodayTo: Derek Dickson (SD448143)From: The SANS Institute Research OfficeSubj: Malicious 911 Virus Wipes Out Hard Drives of Internet Users At 8:00 am on Saturday, April 1 (This is not an April Fool's joke!)the FBI announced it had discovered malicious code wiping out the data onhard drives and dialing 911. This is a vicious virus and needs tobe stopped quickly. That can only be done through wide-scale individual action. Please forward this note to everyone who you know who might be affected.The FBI Advisory is posted at http://www.nipc.gov/nipc/advis00-038.htmThe 911 virus is the first Windows shares virus. Unlike recent viruses that propagate though eMail, the 911 virus silently jumps directly from machine to machine across the Internet by scanning for, and exploiting, open Windows shares. After successfully reproducing itself in other Internet-connected machines(to assure its continued survival) it uses the machine's modem todial 911 and erases the local machine's hard drive. The virus isoperational; victims are already reporting wiped-out hard drives.The virus was launched through AOL, AT&T, MCI, and NetZero in theHouston area. The investigation points to relatively limiteddistribution so far, but there are no walls in the Internet.-----------------Action 1: Defense-----------------Verify that your system and those of all your coworkers, friends, andassociates are not vulnerable by verifying that file sharing isturned off.* On a Windows 95/98 system, system-wide file sharing is managed byselecting My Computer, Control Panel, Networks, and clicking on theFile and Print Sharing button. For folder-by-folder controls, youcan use Windows Explorer (Start, Programs, Windows Explorer) andhighlight a primary folder such as My Documents and then right mouseclick and select properties. There you will find a tab for sharing.* On a Windows NT, check Control Panel, Server, Shares.For an excellent way to instantly check system vulnerability, and fordetailed assistance in managing Windows file sharing, see: ShieldsUp! A free service from Gibson Research (http://grc.com/)-------------------Action 2: Forensics-------------------If you find that you did have file sharing turned on, search yourhard drive for hidden directories named chode, foreskin, ordickhair (we apologize for the indiscretion - but those are thereal directory names). These are HIDDEN directories, so you mustconfigure the Find command to show hidden directories. Under theWindows Explorer menu choose View/Options: Show All Files.If you find those directories: remove them.And, if you find them, and want help from law enforcement, call the FBI National Infrastructure Protection Center (NIPC) Watch Office at 202-323-3204/3205/3206. The FBI/NIPC has done an extraordinary job of getting data out early on this virus and deserves both kudos and cooperation.You can help the whole community by letting both the FBI and SANS (intrusion@sans.org) know if you've been hit, so we can monitor the spread of this virus.--------------Moving Forward--------------The virus detection companies received a copy of the code for the911 Virus early this morning, so keep your virus signature filesup-to-date.We'll post new information at www.sans.org as it becomes available.Prepared by:Alan Paller, Research Director, The SANS InstituteSteve Gibson, President, Gibson Research CorporationStephen Northcutt, Director, Global Incident Analysis Center[john@jtconsultants.com] To unsubscribe, send a blank email toleave-ntsysadmin-1283781A@lyris.sunbelt-software.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Associated Messages, from the most recent to the oldest:

FW: Virus Alert: FBI Finds 911 Virus Wiping Out Hard Drives Today (Vince Medina 2000)

How true is the below?APC Net, Inc. - sales@apcn.net - www.apcn.net4471 NW 36 St. #110 - Miami Springs, FL 33166 Web Hosting,Web Design & Internet Services-----Original Message-----From: John - JTC [mailto:John@JTConsultants.com]Sent: Saturday, April 01, 2000 9:42 PMTo: Vince MedinaSubject: FW: Virus Alert: FBI Finds 911 Virus Wiping Out Hard DrivesToday-----Original Message-----From: Derek Dickson [mailto:dickson@wo.net]Sent: Saturday, April 01, 2000 8:59 PMTo: NT System Admin IssuesCc: TIDA; NT System Admin Issues; Jordan, Chris; Andrew MorrowSubject: FW: Virus Alert: FBI Finds 911 Virus Wiping Out Hard DrivesToday-----Original Message-----From: The SANS Institute [mailto:sans@sans.org]Sent: Saturday, April 01, 2000 5:14 PMTo: Derek Dickson (SD448143)Subject: Virus Alert: FBI Finds 911 Virus Wiping Out Hard Drives TodayTo: Derek Dickson (SD448143)From: The SANS Institute Research OfficeSubj: Malicious 911 Virus Wipes Out Hard Drives of Internet Users At 8:00 am on Saturday, April 1 (This is not an April Fool's joke!)the FBI announced it had discovered malicious code wiping out the data onhard drives and dialing 911. This is a vicious virus and needs tobe stopped quickly. That can only be done through wide-scale individual action. Please forward this note to everyone who you know who might be affected.The FBI Advisory is posted at http://www.nipc.gov/nipc/advis00-038.htmThe 911 virus is the first Windows shares virus. Unlike recent viruses that propagate though eMail, the 911 virus silently jumps directly from machine to machine across the Internet by scanning for, and exploiting, open Windows shares. After successfully reproducing itself in other Internet-connected machines(to assure its continued survival) it uses the machine's modem todial 911 and erases the local machine's hard drive. The virus isoperational; victims are already reporting wiped-out hard drives.The virus was launched through AOL, AT&T, MCI, and NetZero in theHouston area. The investigation points to relatively limiteddistribution so far, but there are no walls in the Internet.-----------------Action 1: Defense-----------------Verify that your system and those of all your coworkers, friends, andassociates are not vulnerable by verifying that file sharing isturned off.* On a Windows 95/98 system, system-wide file sharing is managed byselecting My Computer, Control Panel, Networks, and clicking on theFile and Print Sharing button. For folder-by-folder controls, youcan use Windows Explorer (Start, Programs, Windows Explorer) andhighlight a primary folder such as My Documents and then right mouseclick and select properties. There you will find a tab for sharing.* On a Windows NT, check Control Panel, Server, Shares.For an excellent way to instantly check system vulnerability, and fordetailed assistance in managing Windows file sharing, see: ShieldsUp! A free service from Gibson Research (http://grc.com/)-------------------Action 2: Forensics-------------------If you find that you did have file sharing turned on, search yourhard drive for hidden directories named chode, foreskin, ordickhair (we apologize for the indiscretion - but those are thereal directory names). These are HIDDEN directories, so you mustconfigure the Find command to show hidden directories. Under theWindows Explorer menu choose View/Options: Show All Files.If you find those directories: remove them.And, if you find them, and want help from law enforcement, call the FBI National Infrastructure Protection Center (NIPC) Watch Office at 202-323-3204/3205/3206. The FBI/NIPC has done an extraordinary job of getting data out early on this virus and deserves both kudos and cooperation.You can help the whole community by letting both the FBI and SANS (intrusion@sans.org) know if you've been hit, so we can monitor the spread of this virus.--------------Moving Forward--------------The virus detection companies received a copy of the code for the911 Virus early this morning, so keep your virus signature filesup-to-date.We'll post new information at www.sans.org as it becomes available.Prepared by:Alan Paller, Research Director, The SANS InstituteSteve Gibson, President, Gibson Research CorporationStephen Northcutt, Director, Global Incident Analysis Center[john@jtconsultants.com] To unsubscribe, send a blank email toleave-ntsysadmin-1283781A@lyris.sunbelt-software.com http://www.sunbelt-software.com/ntsysadmin_list_charter.htm-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Vince Medina

DOWNLOAD WEBDNA NOW!

FW: Virus Alert: FBI Finds 911 Virus Wiping Out Hard Drives Today

2000

Top Articles:

Related Readings: