[Fwd: W32/NewApt Worm Bears Watching]

To: "n*@onelist.com" , "hosta-open@mallorn.com" , "h*@onelist.com"
Subject: [Fwd: W32/NewApt Worm Bears Watching]
From: B*
Date: Fri, 24 Dec 1999 11:25:10 -0800

Good morning
	I got another email from Ted saying 3 people have notified him that
this is starting to show in their mail already(daylily robin). I have
another email from him on this subject if anyone wants to look at that
also.
-- 
Bye
Bob

                Bob Axmear 208 2nd St Ne  Waukon,Ia 52172-1308 
                http://www.hostasonline.com/  Hostasonline.com  
                http://www.gardensights.com  GARDENSIGHTS.COM

To: undisclosed-recipients:;
Subject: W32/NewApt Worm Bears Watching
From: T*@aol.com
Date: Fri, 24 Dec 1999 09:55:34 EST

Good Morning Everyone,

The W32/NewApt worm is a new e-mail worm that was discovered on 12/14/99 and 
has been given the designation, "High Risk" by McAfee. The worm arrives as an 
e-mail attachment. So, once again, the key point is not to open the 
attachment. What follows is some basic material that will help to explain 
what this virus is all about. If you wish to read further, please go to the 
McAfee website:

http://www.mcafee.com/viruses/newapt/

The body of the email appears differently depending on whether the email 
client reads HTML. If it does, the email text looks like this: 

--------------------------------------------------------------- 
http://stuart.messagemates.com/index.html

Hypercool Happy New Year 2000 funny programs and animations...

We attached our recent animation from this site in our mail ! Check it out 

--------------------------------------------------------------- 
If the email client is not HTML-capable, the message reads: 

"he, your lame client cant read HTML, haha. click attachment to see some 
stunningly HOT stuff" 

The worm is in the attachment, which has a name chosen randomly from the 
following list: 

baby.exe, bboy.exe, boss.exe, casper.exe, chestburst.exe, cooler1.exe, 
cooler3.exe, copier.exe, cupid2.exe, farter.exe, fborfw.exe, goal.exe, 
goal1.exe, g-zilla.exe, irngiant.exe, hog.exe, monica.exe, panther.exe, 
panthr.exe, party.exe, pirate.exe, s.exe, saddam.exe, theobbq.exe, video.exe. 

If the worm is run, the following dummy error message appears: 

The dinamic link library giface.dll could not be found in the specified path 
[list of directory names] 

Note the misspelling of the word "dynamic". 

If the worm detects that Outlook Express is installed, it will search for 
messages received and build a list of addresses. The next time Windows is 
booted, the worm waits an unspecified amount of time and then attempts to 
send itself to one of the addresses in its list, using the format described 
above.
------------------------------------

I hope all your computers are now protected with anti-virus software.

Ted White
Daylily List Co-owner

Prev by Date: Re: Pro-mix (Was: Re: baking dirt)
Next by Date: Re: Why so LONNNNNNG.
Prev by thread: Re: Auction Standings---Sorry!
Next by thread: help

Other Mailing lists | Author Index | Date Index | Subject Index | Thread Index