From: Bruce Satow (satow@ssl.berkeley.edu)
Date: Thu Dec 13 2001 - 14:22:00 PST
Dear Folks,
I've been getting a rash of email with attachments from strangers. I
hope no one has been foolish enough to open them because those
attachments are infected with worm type viruses.
I hope that everyone has an anti-virus software program installed and
have kept up with updating to the latest anti-virus definitions.
Please remember - even if you have an anti-virus program installed and
have kept up with updating to the latest anti-virus definitions this
does not mean you are 100% protected.
You are NOT protected against new types of worms or viruses - only the
ones whose coding has already been identified.
The bad news I have recently read is about a new worm type virus making
its way across the internet. Apparently, some bozo has found out that
Adobe Acrobat files can carry malicious codes too. Please watch for
email messages that contains the words or phrase "find the peach" or
"joke".
The file attachment name can be "joke.pdf" or "search.pdf". Opening the
file and clicking a prominent icon unleashes the worm and it emails
itself to 100 names in your Outlook address book.
This bug is known as 'VBS/PeachyPDF@MM'. Luckily most of the people up
here at SSL use Netscape Messenger as their email program instead of
outlook. However, just because you aren't using outlook doesn't mean
that you didn't get infected.
The worm needs the full Adobe Acrobat 5 program installed. I do not
know if users of Adobe Acrobat version 4 program will be affected.
Users of just Acrobat Reader are apparently okay, but I am not 100%
sure.
Again I have to keep warning users. Please watch out for emails from
strangers that contain attachments. You don't have to read them, just
delete them.
VBS and worm viruses are easily modified with a plain text editor. All
you have to do is change the extension to .txt and use notepad to change
the coding. If you know what you are doing and enough changes have been
made you've created another worm which won't be detected until the
anti-virus software companies send out an update.
Another danger is people who are using Windows MSN Messenger for
chatting. The W32/Annoying worm is being spread via this program. It
appears in your instant messaging session masqerading as a picture
file. If you click the file, a fake error message will pop up telling
you that the file has been corrupted. Then the worms infects your
system.
-- Bruce Satow Programmer/Analyst Space Physics Research Group Space Sciences Laboratory University of California Berkeley, California 94720-7450 USAemail: satow@ssl.berkeley.edu voice: (510) 643-2348 fax: (510) 643-8302 URL: http://sprg.ssl.berkeley.edu/~satow
------------------------------------------------------------------------ The following was automatically added to this message by the list server:
For information about Micronet, its meetings and events, and its mailing list, including information on subscribing and unsubscribing, see the Micronet Web site at <http://wss.berkeley.edu/micronet/>.
This archive was generated by hypermail 2b29 : Thu Dec 13 2001 - 14:23:46 PST