
E-M:/ [Fwd: Computer Virus Warning -Forwarded]



-- BEGIN included message

-- BEGIN included message

EPA's Office of Information Resources forwarded the
following information of a computer virus (Trojan horse
program) that is targeted at environmentalists.  Please read
about the computer virus below.  In this case, there is no
easy way to tell you have been attacked, so to prevent the
virus, please don't open an attached file from someone you
don't know who sends you something over the Internet. 
Immediately report any unusual system behavior or virus
exposures to the computer Helpline, X4357.  

Gil Omega
NVFEL Information Security Officer
DOD Information Systems Team

---------------
Back Orifice Trojan Horse
A computer virus (Trojan horse program) was sent in an e-mail
message with an attached "extract.exe" file from
ecojustice@aol.com.  The message which accompanied the
file said:

Dear Environmentalist,
I have attached several hundred internal documents from
seven companies that I consider to be the worst
environmental polluters in history.  These were taken off
numerous anonymous ftp sites and were therefore
unknowingly posted to the Internet.  I plan to make these
documents public knowledge to expose their blatant
disregard for the environment.
The attached file is a sel-extracting [sic] archive and I
encourage you to use this information as you see fit.
Attachment Converted:  ... \extract.exe
 
The attachment, extract.exe, is an executable program
containing a payload of the program Back Orifice.  Back
Orifice is a nasty new Trojan horse that came out recently; it
is a remote control tool released by the Cult of the Dead Cow
group. The Trojan horse allows an intruder to monitor and
tamper with Windows 95 and Windows 98 computers over
the Internet. There is no easy way for a computer user to
know the attack is taking place, and there is no easy way to
stop the attack once Back Orifice has installed itself on the
computer.  In a typical attack, the intruder sends the Back
Orifice Trojan horse to his victim as a program attached to
e-mail.  When the e-mail recipient executes the program
attachment, the Trojan horse opens connections from the
computer to the Internet. This allows the intruder to control
the computer. The Trojan horse is invisible and will restart
itself automatically even if Windows is re-booted.   Back
Orifice allows a hacker to view and modify any files on the
hacked computer. It can create a log file of the computer
user's actions. It can take screen shots of the computer
screen and send them back to the hacker. And it can be
used to send messages to the user of the computer. Or it
can simply crash the computer.

Basically it boils down to this:
NEVER, EVER open an attached file from someone you
don't know who sends you something over the Internet.  I
might add that American OnLine accounts are the most
notorious.  Reading an email text message won't cause a
problem but running an attached file might.  Delete the
extract.exe file if you receive it and its Win95 registry entry.





-- END included message

-- END included message