This is an internal memo from my wifes work. > -----Original Message----- > From: > Sent: Monday, September 20, 1999 12:00 PM > To: > Subject: New Viruses - Be Warned! > > > The I.S. Virus Command Center (a team which was created during the Melissa > weekend) wants to alert you of some new viruses. The details are > identified below for those of you who want to know more. > > Bottom line: Whenever you receive an email from someone that has an odd > sounding attachment (or has an odd subject title), contact that person > BEFORE opening the attachment! > > NEVER open a suspicious email attachment from someone you don't know; most > destructive viruses come in the form of an seemingly innocent sounding > attachment (like a screensaver or a game) and as in the case of Melissa, > can spread rapidly throughout a company's entire network without you > knowing you were the one spreading it! > > > > * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * > Details: > As a computer user you are undoubtedly aware that viruses and the "dreaded > Y2K bug" both can have adverse affects on your computer. Like most of us, > you try and safeguard yourself against these threats at home and at the > office. > > Unfortunately, some very unscrupulous individuals have recently written > viruses in the guise of a "Y2K software checker" that can potentially > damage your computer or distribute sensitive information. There are at > least two new viruses of this nature in circulation. Listed below is a > brief description: > Troj.Polygot Trojan Horse > Troj.Polygot is a trojan horse program that comes as an email attachment > Y2KCOUNT.EXE. The email is disguised as an email from Microsoft Support. > Please note that this email is not from Microsoft. The attached > Y2KCOUNT.EXE program is a self-extracting trojan horse program. > The email contained the following message: > To All Microsoft Users, > We are excited to announce Microsoft Year 2000 counter. Start the > countdown now. Let us all get in the 21 Century. Let us lead the way to > the future and we will get you there FASTER and SAFER. > Thank you, > Microsoft Corporation > This trojan horse program appears to intercept username and password entry > on login session and send it to the trojan horse. > > W95.Fix2001 > W95.Fix2001 is an internet worm. It arrives on an e-mail as a MIME-encoded > attachment called Fix2001.exe. The subject of the received e-mail is > "Internet problem year 2000". It is sent by a person called > "Administrator". The message of the Fix2001 worm is the following: > Internet Customer: > We will be glad if you verify your Operative System(s) before Year 2000 to > avoid problems with your Internet Connections. If you are a Windows 95 / > 98 user, you can check your system using the Fix2001 application that is > attached to this E-Mail or downloading it from Microsoft (C) WEB Site: > HTTP://WWW.MICROSOFT.COM If you are using another Operative System, please > don't wait until Year 2000, ask your OS Technical Support. > Thanks. > Administrator" > When initially executed, the worm will install itself on the local > machine's Windows system directory with the same name. It modifies the > registry \Windows\Currentversion\Run field to execute itself during boot > time from that on. When executed the first time, it will display the > following message: > Y2K Ready!! > Your Internet Connection is already Y2K, you don't need to upgrade it. > > The trojan will be executed next time when the computer is booted. If the > trojanized COMMAND.COM is executed, it will destroy the hard disk data > whenever the hard disk is an IDE drive. > > "What can you do to protect yourself?" > > Whenever you receive an email from someone that has an odd sounding > attachment (or has an odd subject title), contact that person BEFORE > opening the attachment! > NEVER open a suspicious email attachment from someone you don't know; most > destructive viruses come in the form of an seemingly innocent sounding > attachment (like a screensaver or a game) and as in the case of Melissa, > can spread rapidly throughout a company's entire network without you > knowing you were the one spreading it! > > >