
E-M:/ [Fwd: Confirmed Computer Virus Alert!]

-- BEGIN included message

Please pass this warning on to fellow environmental
activists.  The existence of the virus described below
has been confirmed by information system

>>> HELP LINE 12/11/98 02:29pm >>>
EPA's Office of Information Resources forwarded the
following information of a computer virus (Trojan horse
program) that is targeted at environmentalists.  Please
read about the computer virus below.  In this case,
there is no easy way to tell you have been attacked, so
to prevent the virus, please don't open an attached file
from someone you don't know who sends you
something over the Internet.  Immediately report any
unusual system behavior or virus exposures to the
computer Helpline, X4357.  

Gil Omega
NVFEL Information Security Officer
DOD Information Systems Team

Back Orifice Trojan Horse
A computer virus (Trojan horse program) was sent in
an e-mail message with an attached "extract.exe" file
from ecojustice@aol.com.  The message which
accompanied the file said:

Dear Environmentalist,
I have attached several hundred internal documents
from seven companies that I consider to be the worst
environmental polluters in history.  These were taken
off numerous anonymous ftp sites and were therefore
unknowingly posted to the Internet.  I plan to make
these documents public knowledge to expose their
blatant disregard for the environment.
The attached file is a sel-extracting [sic] archive and I
encourage you to use this information as you see fit.
Attachment Converted:  ... \extract.exe

The attachment, extract.exe, is an executable program
containing a payload of the program Back Orifice. 
Back Orifice is a nasty new Trojan horse that came
out recently; it is a remote control tool released by the
Cult of the Dead Cow group. The Trojan horse allows
an intruder to monitor and tamper with Windows 95
and Windows 98 computers over the Internet. There is
no easy way for a computer user to know the attack is
taking place, and there is no easy way to stop the
attack once Back Orifice has installed itself on the
computer.  In a typical attack, the intruder sends the
Back Orifice Trojan horse to his victim as a program
attached to e-mail.  When the e-mail recipient
executes the program attachment, the Trojan horse
opens connections from the computer to the Internet.
This allows the intruder to control the computer. The
Trojan horse is invisible and will restart itself
automatically even if Windows is re-booted.   Back
Orifice allows a hacker to view and modify any files on
the hacked computer. It can create a log file of the
computer user's actions. It can take screen shots of
the computer screen and send them back to the
hacker. And it can be used to send messages to the
user of the computer. Or it can simply crash the

Basically it boils down to this:
NEVER, EVER open an attached file from someone
you don't know who sends you something over the
Internet.  I might add that American OnLine accounts
are the most notorious.  Reading an email text
message won't cause a problem but running an
attached file might.  Delete the extract.exe file if you
receive it and its Win95 registry entry.

-- END included message
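
The alert's advice is to treat executable attachments from unknown senders as hostile. The sketch below is an added example, not part of the forwarded message: it screens a mail's attachments by extension and by the "MZ" header that Windows executables start with. The function names, the extension list, and the sample mail are constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (illustrative list, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat"}


def build_sample_message() -> bytes:
    """Constructed sample mail; the addresses and file contents are made up."""
    msg = EmailMessage()
    msg["From"] = "unknown-sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "internal documents"
    msg.set_content("The attached file is a self-extracting archive.")
    fake_pe = b"MZ" + b"\x00" * 62  # only the DOS/PE magic, not a real program
    msg.add_attachment(fake_pe, maintype="application",
                       subtype="octet-stream", filename="extract.exe")
    # Same bytes under a harmless-looking name: the extension check misses it.
    msg.add_attachment(fake_pe, maintype="application",
                       subtype="octet-stream", filename="report.txt")
    msg.add_attachment(b"meeting notes\n", maintype="text",
                       subtype="plain", filename="notes.txt")
    return msg.as_bytes()


def screen_attachments(raw: bytes):
    """Return [(filename, [reasons])] for attachments that look executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reasons = []
        if os.path.splitext(name.lower())[1] in RISKY_EXTENSIONS:
            reasons.append("executable extension")
        if data[:2] == b"MZ":  # DOS/Windows executable header
            reasons.append("MZ header")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in screen_attachments(build_sample_message()):
        print(f"QUARANTINE {name}: {', '.join(reasons)}")
```

Checking the content as well as the name matters because a renamed executable passes an extension-only filter.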