On 29 Nov 1996 16:17:34 +0200, in comp.security.misc
[log in to unmask] (Mikko H. Hypponen) wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>This is a warning on a nasty hoax that has been distributed on several
>mailing lists and in usenet news. The hoax message is falsely
>attributed to me ([log in to unmask]).
>
>This false warning urges people to stay off Microsoft's
>home page and not to use Microsoft Internet Explorer,
>because the 'Microsoft home page is possibly infected
>by a virus'. This is nonsense.
>
>If you have seen this warning, please pass on this message,
>and please do not redistribute the original warning any more.
>
>The origins on this nasty hoax is as of yet unknown.
>The original hoax warning is quoted here in full:
>
>   ---begin hoax---
>
>   Red Alert for anybody using Microsoft's Internet Explorer as
>   their web browser.
>
>   This came in on the virus forum at the University of Hamburg
>   from a fairly reliable source: Mikko H. Hypponen
>   ([log in to unmask]) in Finland. (datafellows is
>   an anti-virus company)
>
>   The first indication that something was amiss was when the computer
>   of an MIS professional friend of Mikko's was completely wiped --
>   including BIOS and CMOS -- on 11-20-96. It took a great deal of
>   arguing with Microsoft until 11-22-96 (logged at 0930 hours) when
>   they finally admitted something was wrong and took "their homepage
>   into their lab."
>
>   Mikko's first report was at 11:13 on 11-22-96. By 13:17 on 11-22-96
>   the following message was received:
>
>   ---------------------------------------------------------
>   >       Okay, it's official (last conversation with techs at 1200 hrs,
>   >       11-22-96, virus confirmed) Western Digital and Microsoft
>   >       confirm that a new virus is on the web and they cannot
>   >       isolate it. The only thing they know for sure is that it
>   >       completely wipes out a computer. As of this time, they cannot
>   >       determine how best to get rid of the thing once it is in your
>   >       system.
>   >
>   [irrelevant "in-joke" cut]
>   >
>   >       They are recommending that until they can isolate it (it appears
>   >       to be coming from several locations) you just stay off the web.
>
>   ---------------------------------------------------------
>
>   This sounds like a trojan rather than a virus, but it is extremely
>   destructive nonetheless.
>
>   Unless you can filter addresses so your webbrowser will not
>   go to Microsoft's home page, stay off Microsoft's home page
>   until further notice. (As Mikko post updates, I'll forward
>   them.)
>
>   Incidentally, Mikko and his friend *were* frequent users of Microsoft's
>   Web browser.
>
>   ---end hoax---
>
>Oh, by the way. I prefer Netscape and Lynx...
>If you have any questions, contact me directly at
>[log in to unmask]
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2i
>
>iQCVAwUBMp7jpdn7CX0PJlcJAQFFjQQAkzaqIaAPIH0TKVM+1K2Ampj7yP/MIaKS
>cGbWzb2A0EHnloxa5i5ZqYDYq69+Y4TYaDV2CsKz6jGdQJ+niZEs0K6sjNYRxyxV
>eO7xk52f3UOvsrKTXsgZM2MffTHV+YuHDDvw+K+qN2FgTlepJzsdGzaVlURi5LnR
>gHYqDRZoatY=
>=zvx3
>-----END PGP SIGNATURE-----
>
>-- 
>         Mikko Hermanni Hyppönen - [log in to unmask]  
>   Data Fellows Ltd's F-PROT Pro Support: [log in to unmask]
> Computer virus information available via web: http://www.DataFellows.com/
>Paivantaite 8, 02210 Espoo, Finland. Tel +358-9-478444, Fax +358-9-47844599



--

[log in to unmask]
WARNING:  The return email address field has been altered to
foil bulk email spammers.  If you reply to this message please
remove the * from the end of the return address or it'll bounce.


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%