[1771] in WWW Security List Archive
Re[2]: **New and Dangerous Computer Virus** (fwd)
daemon@ATHENA.MIT.EDU (Wayde York)
Tue Apr 2 09:59:52 1996
Date: Tue, 02 Apr 96 07:03:03 EST
From: "Wayde York" <yorkw@ncr.disa.mil>
To: www-security@ns2.rutgers.edu, Juergen Bund <bund@ccg.uc.pt>
Errors-To: owner-www-security@ns2.rutgers.edu
Attached is a bulletin from the Defense Information Systems Agency's
ASSIST team...
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Automated Systems Security Incident Support Team
Integritas et Celeritas
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Bulletin 95-24
Release date: 8 June, 1995, 6:45 AM EDT (GMT -4)
SUBJECT: Malicious code in counterfeit PKZip program.
SUMMARY: Files falsely identified as being updates to the popular
PKWARE Inc., PKZip utility contain malicious code. The files are
being distributed on various network (Internet) and dial-up BBS
systems.
BACKGROUND: PKZip is a DOS shareware data compression utility. The
counterfeit PKZip file is named either PKZ300B.ZIP or PKZ300B.EXE, and
contains malicious code that can cause hard drives to be re-formatted.
According to PKWARE, Inc., when the PKZ300B.EXE self extracting
executable is run, all data on the hard drive is lost. The malicious
code contained in the PKZ300B files is not a computer virus, i.e. it
does not have the capability to automatically spread and infect other
systems or files.
IMPACT: All data on PC hard drive is lost when the corrupted program is
executed.
RECOMMENDED SOLUTIONS: Do not download and/or execute any file named
PKZ300B.EXE/ZIP. The most current release of PKZip from PKWARE Inc.,
is PKZ204G.exe which is available via anonymous FTP from pkware.com
(IP 198.137.186.90) in the /pub/pkware directory. If you have a copy
of the counterfeit PKZip utility, please contact ASSIST as soon as
possible.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ASSIST is an element of the Defense Information Systems Agency (DISA),
Center for Information Systems Security (CISS), that provides service
to the entire DoD community. Constituents of the DoD with questions
about ASSIST or computer security issues can contact ASSIST using one
of the methods listed below.
Non-DoD organizations/institutions, contact the Forum of Incident
Response and Security Teams (FIRST) representative. To obtain
a list of FIRST member organizations and their constituencies send an
email to
docserver@first.org with an empty "subject" line and a message body
containing the line "send first-contacts".
ASSIST Information Resources: To be included in the distribution list
for the ASSIST bulletins, send your Milnet (Internet) e-mail address
to assist-request@assist.mil. Back issues of ASSIST bulletins, and
other security related information, are available from the ASSIST BBS
at 703-607-4710, 327-4710, and through anonymous FTP from assist.mil
(IP address 199.211.123.11). Note: assist.mil will only accept
anonymous FTP connections from Milnet addresses that are registered
with the NIC or DNS. If your system is not registered, you must
provide your MILNET IP address to ASSIST before access can be
provided.
ASSIST Contact Information:
PHONE: 800-357-4231 (or 703-756-7974 DSN 289), duty hours are 06:00 to
22:30 EDT (GMT -4) Monday through Friday. During off duty hours,
weekends and holidays, ASSIST can be reached via pager at
800-791-4857. The page will be answered within 30 minutes; however, if a
quicker response is required, prefix the phone number with "999".
ELECTRONIC MAIL: Send to assist@assist.mil.
ASSIST BBS: Leave a message for the "sysop".
ASSIST uses Pretty Good Privacy (PGP) 2.6.2 as the digital signature
mechanism for bulletins. PGP 2.6.2 incorporates the RSAREF(tm)
Cryptographic Toolkit under license from RSA Data Security, Inc. A
copy of that license is available via anonymous FTP from
net-dist.mit.edu (IP 18.72.0.3) in the file /pub/PGP/rsalicen.txt. In
accordance with the terms of that license, PGP 2.6.2 may be used for
non-commercial purposes only. Instructions for downloading the PGP
2.6.2 software can also be obtained from net-dist.mit.edu in the
pub/PGP/README file. PGP 2.6.2 and RSAREF may be subject to the
export control laws of the United States of America as implemented by
the United States Department of State Office of Defense Trade
Controls. The PGP signature information will be attached to the end
of ASSIST bulletins.
Reference herein to any specific commercial product, process, or
service by trade name, trademark, manufacturer, or otherwise, does not
constitute or imply its endorsement, recommendation, or favoring by
ASSIST. The views and opinions of authors expressed herein shall not
be used for advertising or product endorsement purposes.