OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: NIPC Worm/Virus Alert
From: Elias Levy (aleph1SECURITYFOCUS.COM)
Date: Sun Apr 02 2000 - 04:50:53 CDT

http://www.nipc.gov/nipc/advis00-038.htm

   SUBJECT: NATIONAL INFRASTRUCTURE PROTECTION CENTER INFORMATION SYSTEM
        ADVISORY (NIPC ADVISORY 00-038); SELF-PROPAGATING 911 SCRIPT

   1. A RECENT AND BREAKING FBI CASE HAS REVEALED THE CREATION AND
   DISSEMINATION OF A SELF-PROPAGATING SCRIPT THAT CAN ERASE HARD DRIVES
   AND DIAL-UP 911 EMERGENCY SYSTEMS. WHILE INVESTIGATION AND TECHNICAL
   ANALYSIS CONTINUE, THE SCRIPT APPEARS TO INCLUDE THE FOLLOWING
   CHARACTERISTICS:

   A. ACTIVELY SEARCH THE INTERNET FOR COMPUTER SYSTEMS SET UP FOR FILE
   AND PRINT SHARING AND COPY ITSELF ON TO THESE SYSTEMS.

   B. OVERWRITE VICTIM HARD DRIVES.

   C. CAUSE VICTIM SYSTEMS TO DIAL 911 (POSSIBLY CAUSING EMERGENCY
   AUTHORITIES TO CHECK OUT SUBSTANTIAL NUMBERS OF "FALSE POSITIVE"
   CALLS).

   2. TO THIS POINT CASE INFORMATION AND KNOWN VICTIMS SUGGEST A
   RELATIVELY LIMITED DISSEMINATION OF THIS SCRIPT IN THE HOUSTON, TEXAS
   AREA, THROUGH SOURCE COMPUTERS THAT SCANNED SEVERAL THOUSAND COMPUTERS
   THROUGH FOUR INTERNET SERVICE PROVIDERS (AMERICA ON-LINE, AT&T, MCI,
   AND NETZERO). DISSEMINATED SCRIPT MAY BE PLACED IN HIDDEN DIRECTORIES
   NAMED CHODE, FORESKIN OR DICKHAIR. FURTHER SCRIPT ANALYSIS BY THE
   FBI/NIPC CONTINUES.

   3. FBI/NIPC REQUESTS RECIPIENTS IMMEDIATELY REPORT INFORMATION
   RELATING TO USE OF THIS SCRIPT TO THE LOCAL FBI OR FBI/NIPC WATCH AT
   202-323-3204/3205/3206. AS MORE TECHNICAL OR OPERATIONAL INFORMATION
   ABOUT THIS SCRIPT DEVELOPS, NIPC WILL DISSEMINATE THIS INFORMATION
   THROUGH THE CARNEGIE MELLON CERT, ANTIVIRUS VENDORS OR ITS OWN WEB
   SITE (www.nipc.gov), AS APPROPRIATE.
     _________________________________________________________________

               [ [1]Back to Advisories, Alerts and Warnings ]

References

   1. http://www.nipc.gov/nipc/nipcaaw.htm