[11557] in bugtraq


(Fwd) Virus Propagated by Pegasus Mail

daemon@ATHENA.MIT.EDU (Keith Wyatt)
Sat Aug 28 14:34:51 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id:  <BUGTRAQ%1999082722170800@LISTS.SECURITYFOCUS.COM>
Date:         Thu, 26 Aug 1999 22:38:14 -0700
Reply-To: kew@teleport.com
From: Keith Wyatt <kew@TELEPORT.COM>
X-To:         Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

------- Forwarded message follows -------
Priority:       	normal
Date sent:      	Thu, 26 Aug 1999 21:56:31 -0400
Send reply to:  	Pegasus Mail Announcments <PM-NEWS@BAMA.UA.EDU>
From:           	Andrew Morrow <Andrew@packet.org>
Subject:        	Virus Propagated by Pegasus Mail
To:             	PM-NEWS@BAMA.UA.EDU

We have received a number of reports about a virus that uses Pegasus
Mail to propagate itself.

Information about the virus is available from a number of makers of
anti-virus products:

  <http://www.sophos.com/downloads/ide/index.html#toadie>
  <http://www.symantec.com/avcenter/venc/data/termite.7800.html>
  <http://www.Europe.DataFellows.com/v-descs/toadie.htm>
  <http://vil.nai.com/vil/vfi10235.asp>   (same as mcafee.com)

The virus does not destroy data files but it can destroy infected
program files if the timestamps of those files are changed.  As well,
infected programs will refuse to run between certain times of the
evening (local time).

When an infected program is run, the virus attempts to propagate
itself by looking for unsent Pegasus Mail messages and adding itself
as an attachment to those messages.  (We are still investigating the
exact technique used by the virus, with an eye towards enhancing
Pegasus Mail to detect an infected message and prevent it from
spreading.)  The people at Sophos have told us that the virus program
often crashes while replicating, so the risk of infection appears to
be quite low.  As well, since the virus appears to look for *.PMW
files to attach itself to, Pegasus Mail users on networks using
Mercury or users with the "send mail at once" option enabled run a
low risk of passing on the virus.

It is IMPORTANT to note that the recipient does NOT have to be using
Pegasus Mail as their mail client in order for their machine to
become infected.  You should ALWAYS be careful about running
executable attachments, even if they come from someone that you
trust!

Please contact your favourite anti-virus software vendor for
information on their products to both detect and remove this virus.

On behalf of David Harris,

Cheers!

Andrew.

--------------------------------------------------------------------
Andrew Morrow   home:andrew@packet.org
office:amorrow@dataradio.com

Member of the Pegasus Mail Support Group
List owner of the PMAIL, PM-WIN, PM-DOS, PM-MAC and MERCURY lists

------- End of forwarded message -------
--
Best Regards,

Keith
--------------------------------------------------------------------------
Home page http://www.teleport.com/~kew/
Ham, Scanner & Radio Page http://n6jpa.htmlplanet.com/
Subscribe to SWL Utility Talk Mail List at:
http://www.onelist.com/subscribe/ute-talk
--------------------------------------------------------------------------
