Archived posting to the Leica Users Group, 2000/11/22
[Author Prev] [Author Next] [Thread Prev] [Thread Next] [Author Index] [Topic Index] [Home] [Search]This is not a hoax. Go to: http://www.upenn.edu/computing/help/doc/virus/alert.html for details. Jim At 04:07 PM 11/22/00 -0700, John Collier wrote: >l >Please be aware there are Two new viruses infecting email systems. >One contains an attachment called NAVIDAD.EXE and the other can arrive with >a number of different subject lines. >Please be careful when opening email messages that you are not expecting >especially if they have an attachment. > > >---------------------------------------------------------------------------- >------------------------------------------------------------------------ >This is an Internet worm which uses MAPI Outlook to spread. It will be >received by email as a response to a sent email message to an infected >user, with the attachment NAVIDAD.EXE. > > >When ran, this worm displays a dialog box entitled, "Error" which reads >"UI". A blue eye icon appears in the system tray next to the clock in the >lower right corner of the screen, and a copy of the trojan is saved to the >file "winsvrc.vxd" in the WINDOWS SYSTEM directory. The following registry >key values are created: > > > > > >Symptoms > > >- Presence of the EYE icon in the lower right corner of your screen >- When the cursor is placed over the EYE icon, the text, "Lo estamos >mirando..." is displayed. Translated this means, we are watching it. >- When the "eye" icon is clicked, a button appears reading, "Nunca >presionar este boton". Translated this means, never press this button. >- When the button is pressed, a messages box is displayed entitled, "Feliz >Navidad", which reads "Lamentablemente cayo en la tentacion y perdio su >computadora". Translated this reads, Merry Christmas, Unfortunately you've >given in to temptation and lose your computer. > > >---------------------------------------------------------------------------- >--------------------------------------- > > > > > >---------------------------------------------------------------------------- >----------------------------------- > > >This worm can arrive by email in HTML format with one of the following >subject lines: > > >Romeo and Juliet > > >ble bla, bee >I Love You ; >sorry... >Hey you ! >Matrix has you... >my picture >from shake-beer > > >The email will appear to contain no contents or identifiable attachments >however is encoded to contain two files, myromeo.exe and myjuliet.chm. > > >---------------------------------------------------------------------------- >------------------------------------------ >