Guest guest
Posted February 4, 1999

Success=Hope for the Best, Be Prepared for the Rest.
Much Luck,
Debi

----------
>
> To: WITCHHNT@...
> Cc: falseacc@...
> Subject: AOL computer virus - not an urban legend.
> Date: Wednesday, February 03, 1999 3:45 AM
>
> Picture.exe really a Trojan horse
>
> E-mail attachment, if opened, tries to send private information to an
> e-mail address originating in China.
>
> If you receive an attachment in e-mail called "picture.exe," don't open
> it. If you do, what happens next reads a bit like a spy novel -- this
> Trojan horse drops two more programs called note.exe and manager.exe
> which will search through your internet cache directory and, if you have
> one, the directory that holds your America Online username and password.
> It then encrypts that information, tries to establish an Internet
> connection, and sends it all to an e-mail address in China.
>
> Picture.exe first surfaced right before Christmas, when some Net users
> were spammed with e-mail with the subject line "batty." Several postings
> to Usenet virus groups followed; then Network Associates engineers
> received several e-mail alerts to what appeared to be technically not a
> virus but a Trojan horse. (A Trojan horse does not replicate on its own,
> but a virus does.)
>
> Network Associates has since updated its McAfee virus program to detect
> picture.exe (If you already have the software, an updated version can be
> downloaded from this site), but many questions remain about the prying
> program.
>
> "This is a more interesting Trojan than normal," said Gullotto,
> manager of the antivirus emergency response team for Network Associates.
> "It actually has the capability to take information and send it
> someplace. This one goes further than most and if it's successful can use
> the information against you."
>
> A prying program
> Network Associates received an unusually large number of e-mails from
> victims of picture.exe, and there are already dozens of Usenet posts with
> security experts warning about the danger.
>
> Here's how it works:
>
> Once a recipient opens picture.exe, that file expands into two other
> executables -- note.exe and manager.exe -- and places them into the
> Windows subdirectory. The following line is also added to the win.ini
> file: "run=note.exe." That makes note.exe run the next time Windows is
> started.
>
> According to Network Associates, note.exe then gathers information,
> apparently looking through the temporary Internet cache directory in an
> attempt to determine what Web sites users have visited. It then encrypts
> that information into a DAT file. It also appears to look in the directory
> where AOL user information is stored.
>
> Note.exe then builds a second DAT file.
>
> and about "Happy99.EXE."
>
> According to Microsoft "This kind of virus requires a
> customer to run untrusted code in order to be infected
> (e.g. by disabling their default security settings). We
> aren't going to be releasing any preventative measures
> specific to this virus, but always encourage customers to
> use their warnings and to be cautious about running
> untrusted code. We also recommend that they update to the
> latest anti-virus software."
>
> So be wary of any incoming file, don't run or open it
> directly (unless you have anti-virus software that
> intercepts and checks ALL files before you see them).
> Instead, save the file to your hard drive then run your
> anti-virus software to check it.
>
>
> Let me remind everyone: 2.8 trillion other filenames might also contain a
> virus or Trojan horse.
> It boils down to TWO RULES:
>
> Beware any file sent by someone you don't know.
>
> Beware any file sent by someone you DO know.
>
> computer security alerts never die ... they just get a new life-cycle.
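A check for the win.ini change the forwarded alert describes, as an added example that is not part of the original post: it lists the programs started from `run=`/`load=` in the `[windows]` section and flags the file names the alert reports. The function names and the sample win.ini contents are constructed for illustration.

```python
import ntpath

# File names reported in the forwarded alert above.
REPORTED_NAMES = {"picture.exe", "note.exe", "manager.exe"}

# Constructed sample win.ini contents (not taken from an infected machine).
SAMPLE_WIN_INI = """\
; constructed sample
[fonts]
run=ignored.exe
[windows]
load=
RUN = C:\\WINDOWS\\NOTE.EXE  backup.exe
NullPort=None
[Desktop]
Wallpaper=(None)
"""

def autostart_entries(ini_text):
    """Return (key, program) pairs from run=/load= in the [windows] section."""
    entries, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Only the [windows] section starts programs; keys are case-insensitive.
        if section != "windows" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("run", "load"):
            # Assumption: programs are separated by spaces or commas
            # (paths containing spaces are not handled here).
            for prog in value.replace(",", " ").split():
                entries.append((key, prog))
    return entries

def flag_reported(entries, names=REPORTED_NAMES):
    """Return the entries whose base file name matches a reported name."""
    return [(k, p) for k, p in entries if ntpath.basename(p).lower() in names]

if __name__ == "__main__":
    found = autostart_entries(SAMPLE_WIN_INI)
    for key, prog in found:
        mark = "  <-- named in the alert" if flag_reported([(key, prog)]) else ""
        print(f"{key}={prog}{mark}")
```

A name match is only a starting point for review: an unexpected entry under any name deserves the same attention, and a legitimate program can share a flagged name.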