We've all had emails telling us that there is a dangerous new virus and that
someone says that someone says IBM itself says it will snap our trouser
belts and make our socks smell... I've ridiculed them myself
*This one comes straight from Symantec to subscribers to its news bulletins,
of whom I am one. Obviously, they're trying to sell software protection but
that doesn't invalidate the warning. I send it in case anyone here is into
chat systems etc and for its general millennial warning - always wear an
antiviral program
--------------------------------------------------------
Executive summary:
| W95.Babylonia should be considered DANGEROUS!
| W32.HLLP.Soft6 is of lesser risk.
| Monitor the site
| http://www.symantec.com/techsupp/vURL.cgi/nav25
| for notice when the virus definitions have been updated and for full
| details on W95.Babylonia. Updating for one will protect you from BOTH
| viruses!
| **** PLEASE NOTE:
| SARC anticipates that the rest of 1999 will be rife with new, highly
| destructive viruses. Please be aware that Symantec will continue to
| post notices of the most destructive viruses so you may better
| protect yourself. The best protection is to update your definitions
| at least weekly, if not daily. ****
| | W95.Babylonia is a very complex virus that propagates mainly to other
| computer users via MIRC.
---------------------------------------
Whole of the message follows for the spanner-heads and masochists.
Right I'm off to the library
L
------------------------------------
---- Original Message -----
From: Symantec News Bulletins <[log in to unmask]>
To: <[log in to unmask]>
Sent: 08 December 1999 01:07
Subject: NORTON ANTIVIRUS EMERGENCY NEWS BULLETIN - VIRUS ALERT!
| December 7, 1999
| _____________________________
|
| THIS IS A VIRUS ALERT ON W95.BABYLONIA and on W32.HLLP.Soft6.
|
| W95.Babylonia should be considered DANGEROUS!
|
| W32.HLLP.Soft6 is of lesser risk.
|
|
| Monitor the site
|
| http://www.symantec.com/techsupp/vURL.cgi/nav25
|
| for notice when the virus definitions have been updated and for full
| details on W95.Babylonia. Updating for one will protect you from BOTH
| viruses!
|
| **** PLEASE NOTE:
| SARC anticipates that the rest of 1999 will be rife with new, highly
| destructive viruses. Please be aware that Symantec will continue to
| post notices of the most destructive viruses so you may better
| protect yourself. The best protection is to update your definitions
| at least weekly, if not daily. ****
|
| DESCRIPTION OF W95.BABYLONIA
|
| W95.Babylonia was discovered on Dec 6, 1999. The virus was created by
| a member of the 29A virus writing group. It was originally posted to
| an Internet news group as a Windows Help file named serialz.hlp, and
| appeared to be a list of serial numbers for commercial software. When
| this Windows help file is launched, it will introduce the virus into
| the computer system. Symantec AntiVirus Research Center (SARC) has
| received over 20 submissions of this new virus as of Dec 6, and
| believes it to be spreading rapidly worldwide.
|
| W95.Babylonia is a very complex virus that propagates mainly to other
| computer users via MIRC. MIRC is a text based communication
| application used to chat over the Internet. When an infected user
| logs onto MIRC, it will automatically send the virus to everyone
| within the same MIRC chat room as the infected user. The virus will
| be sent as a Y2K bug fix. Once this file (Y2K bug fix) is executed,
| it will infect other 32-bit EXE program files as well as Windows Help
| files.
|
| The virus will try to modify the system to display the following
| message when booting the infected computer:
|
| W95/Babylonia by Vecna (c) 1999
| Greetz to RoadKil and VirusBuster
| Big thankz to sok4ever webmaster
| Abracos pra galera brazuca!!!
| ---
| Eu boto fogo na Babilonia!
|
| The virus will also send an email to [log in to unmask] to
| track infected computers.
|
| The most interesting part of the virus is the ability to download the
| viral components of the virus from the Internet. When the virus is
| executed, the virus will wait for an Internet connection. When it
| detects that the computer can access the Internet, it will download
| several files from a web server in Japan. Because the virus has such
| capability, it is possible for the virus writer to update the virus
| centrally.
|
|
| RECOMMENDATIONS/PROTECTION:
|
| * Download new definitions set. This will be available late
| December 7, 1999, through Symantec's LiveUpdate feature or from the
| Symantec Web site at www.symantec.com/avcenter/download.html.
|
|
| ****
|
| DESCRIPTION OF W32.HLLP.Soft6
|
| W32.HLLP.Soft6 is a Windows NT specific worm that propagates over
| Windows NT networks and displays a large message "Hi 2000!" on the
| screen. This message is very large and very noticable. SARC believes
| this worm probably cannot spread to different corporations quickly
| because it only spreads via network and does not spread via email.
| Remember, monitor the SARC site for info on W95.Babylonia. When
| updates are ready, updating for one protects you from both.
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|