[1767] in WWW Security List Archive
** Virus verified ** per CIAC
daemon@ATHENA.MIT.EDU (Jeanie Larson)
Mon Apr 1 21:54:31 1996
Date: Mon, 01 Apr 1996 16:38:24 +0000
From: Jeanie Larson <jlarson@frii.com>
Reply-To: jlarson@frii.com
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
This is a multi-part message in MIME format.
--------------B3949E55ED6
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
I forwarded a message about a Virus in PKZIP300.ZIP to CIAC. Dave
Crawford (CIAC Team) confirmed this is a problem.
-jeanie larson
SETEC, Inc
719-532-1224
--------------B3949E55ED6
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Return-Path: crawford@eek.llnl.gov
Received: from eek.llnl.gov (eek.llnl.gov [198.128.36.1]) by phobos.frii.com (8.6.12/8.6.9) with ESMTP id QAA22547 for <jlarson@frii.com>; Mon, 1 Apr 1996 16:22:13 -0700
Received: by eek.llnl.gov (8.7.1/LLNL-2.0)
id PAA12315; Mon, 1 Apr 1996 15:21:14 -0800 (PST)
Date: Mon, 1 Apr 1996 15:21:14 -0800 (PST)
From: crawford@eek.llnl.gov (David Crawford)
Message-Id: <199604012321.PAA12315@eek.llnl.gov>
To: jlarson@frii.com
Cc: ciac@llnl.gov
Subject: RE:[Fwd: **New and Dangerous Computer Virus** (fwd)]
In-Reply-To: <315FF8F0.180B@frii.com>
References: <315FF8F0.180B@frii.com>
X-Mozilla-Status: 0011
Jeanie,
The following is from PKWare
It has come to PKWARE's attention that a trojan version of PKZIP is being
distributed under the name PKZ300B.ZIP or PKZ300B.EXE. This version is not
an official version and will attempt to destroy your HD. Delete it immediately
if you have downloaded this version. If you have any further questions about
this trojan version, contact PKWARE at: support@pkware.com.
============================ End PKWare Message ==========================
PKWare lists the following as known PKZIP related hacks (modified or bogus
versions) as of 06/01/95:

PKZIP120       Early hack of 1.1
PKZIP20B       Hack of 1.1
PKZIP_V2.EXE   Trojan, will erase hard drive
PKZ201.ZIP     Hack of 1.93
PKZ201.EXE     "
PKX201.EXE     "
PKZ210F.EXE    Unknown
PKZIPV2        **TROJAN** will erase hard drives
PKUNZIP.COM    Unknown
PKZIP203.EXE   Unknown
PUTAV 1.93     Fake putav program (Trojan)
PKZIP 1.99     Unknown
PKZIP 2.02     Unknown
PKZIP 2.2      **TROJAN** destroys hard drives
PKZ305.EXE     Hack of 1.93, fave AV, **VIRUS**
PKZ41V.EXE     Hack of 1.93
PKZ300B.ZIP    Trojan, will erase hard drives
PKZ300B.EXE    "

If you have any questions or problems, please let us know.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer Incident Advisory Capability (CIAC) David L. Crawford
(510)422-8193 (510)423-9905
ciac@llnl.gov crawford1@llnl.gov
----------------------------------------------------------------------
> This is a multi-part message in MIME format.
>
> --------------4BCE5AF913CE
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> Folks:
>
> Is this for real??
>
> -jeanie
>
>
> Jeanie Larson
> SETEC, Inc. 719-532-1224
> Colorado Springs, CO 80920
>
> --------------4BCE5AF913CE
> Content-Type: message/rfc822
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> Return-Path: owner-www-security@ns2.rutgers.edu
> Received: from ns2.rutgers.edu (ns2.rutgers.edu [128.6.21.2]) by phobos.frii.com (8.6.12/8.6.9) with ESMTP id KAA11028 for <jlarson@frii.com>; Mon, 1 Apr 1996 10:41:14 -0700
> Received: (from daemon@localhost) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) id XAA14737 for www-security-outgoing; Sun, 31 Mar 1996 23:21:26 -0500
> Received: from juliet.stfx.ca (juliet.stfx.ca [141.109.2.2]) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) with SMTP id XAA14707 for <www-security@ns2.Rutgers.EDU>; Sun, 31 Mar 1996 23:20:53 -0500
> Received: by juliet.stfx.ca (AIX 3.2/UCB 5.64/4.10)
> id AA61615; Mon, 1 Apr 1996 00:21:02 -0400
> Date: Mon, 1 Apr 1996 00:21:02 -0400 (AST)
> From: Still <x93ojg@juliet.stfx.ca>
> To: WWW Security <www-security@ns2.rutgers.edu>
> Subject: **New and Dangerous Computer Virus** (fwd)
> Message-Id: <Pine.A32.3.91.960401001924.44727B@juliet.stfx.ca>
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-www-security@ns2.rutgers.edu
> Precedence: bulk
> Errors-To: owner-www-security@ns2.rutgers.edu
> X-Mozilla-Status: 0001
>
> I don't know if this is a load of crap or not so feel free to believe as
> much of it as you want.
>
> >***Do not download any file named PKZIP300.ZIP regardless of the extension.***
> >
> >WARNING!!!!! Read the following and take note for those of you who have
> >access to the web and FTP sites ... BEWARE!!! Notify your friends and
> >family and total strangers too!!! No one wants to deal with this
> >what-so-ever.
> >
> >A NEW Trojan Horse Virus has emerged on the internet with the name
> >PKZIP300.ZIP, so named as to give the impression that this file is a new
> >version of the PKZIP software used to "ZIP" (compress) files.
> >
> >DO NOT download this file under any circumstances!!! If you install or
> >expand this file, this virus will wipe your hard drive clean and affect
> >modems 14.4 or higher. This is an extremely destructive virus and as of yet
> >there is no way of cleaning this one up.
> >
> >*** DO NOT DOWNLOAD ANY FILE NAMED PKZIP300.ZIP REGARDLESS OF THE
> >EXTENSION!!!! ***
> >
> >
> >This message came in to Newfoundland Light and Power on March the 29th at
> >1:18 pm NST. Please. This is not a joke. This is serious. If you have
> >already heard about it, this is a reminder. If you haven't, take heed.
> >
> >
> >Andrew Laffin
> >*---------------------------------------------------------------------------
> >-------*
> >* Andrew Laffin/Ray Banfield
> >* * c/o Ray Banfield
> >* * rbanfiel@terra.nlnet.nf.ca
> >* * CSHL: Marystown Bootleggars
> >* * STRPG: Lt Andrew Myst
> >* * XFRPG: SA-1 Andrew Faust, Sa-9 Paul O'Niell
> >* * EHL: Marystown Monsters
> >*
> >*___________________________________________________________________________
> >_______
> >* You know your starship captain is a redneck when he has flames and a NRA
> >sticker * * painted on his warp nacelles
> >*
> >*___________________________________________________________________________
> >_______*
> >Trivia Question- What does a bartender from Cheers and a Captain of the
> >Starship Enterprise Have in common. All answers should be
> >sent to Andrew Laffin at rbanfiel@terra.nlnet.nf.ca.
> >Watch this space for the answer and a new question shortly
> >after Easter. Unless someone knows the answer......!
> >----------------------------------------------------------------------------
> >------
> >
> >
> >
> >
> >
>
>
>
> --------------4BCE5AF913CE--
>
>
--------------B3949E55ED6--