[20] in Security FYI
Fwd: Windows Virus Alert: PrettyPark
daemon@ATHENA.MIT.EDU (Jonathan McIndoe Hunt)
Fri Sep 10 12:40:53 1999
Message-Id: <4.2.0.58.19990910123709.03a87540@po7.mit.edu>
Date: Fri, 10 Sep 1999 12:37:26 -0400
To: security-fyi@mit.edu
From: Jonathan McIndoe Hunt <jmhunt@MIT.EDU>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Hello,
I am forwarding this message because of the nastier behavior of this
virus. According to the information found at
http://www.datafellows.com/v-descs/prettyp.htm this virus establishes a
backdoor, installs an irc-bot and announces the infect machine over various
irc channels, and self propegates via email to people in address books. A
fix is being looked into. The current suggested fix, which has NOT been
tested, requires the files32.vxd file to be intact before applying
it. More information will be release when we have a reliable solution.
-Jonathan
>X-Warning: mitvma.mit.edu: Host PACIFIC-CARRIER-ANNEX.MIT.EDU claimed to be
> MIT.EDU
>Date: Fri, 10 Sep 1999 10:37:21 -0400
>Reply-To: Gerald I Isaacson <gii@MIT.EDU>
>Sender: MIT Virus Notification Service <MITVIRUS@mitvma.mit.edu>
>From: Gerald I Isaacson <gii@MIT.EDU>
>Subject: Windows Virus Alert
>To: MITVIRUS@mitvma.mit.edu
>
>There has been an incident of the W32/Pretty.Park worm on campus.
>This worm will attach itself to e-mails and replicate to everyone on
>the address list.
>
>A VirusScan signature file of 4029 or higher will detect this virus.
>The latest signature file is 4042.
>
>For details about this worm see:
>
>http://www.datafellows.com/v-descs/prettyp.htm
>
>Jerry Isaacson