-- BEGIN included message
- Subject: Confirmed Computer Virus Alert!
- From: "Michael Sklar" <tiger3@provide.net>
- Date: Mon, 14 Dec 1998 18:08:00 -0500
Please pass this warning on to fellow environmental activists. The existence of the virus described below has been confirmed by information system professionals.

>>> HELP LINE 12/11/98 02:29pm >>>

EPA's Office of Information Resources forwarded the following information of a computer virus (Trojan horse program) that is targeted at environmentalists. Please read about the computer virus below. In this case, there is no easy way to tell you have been attacked, so to prevent the virus, please don't open an attached file from someone you don't know who sends you something over the Internet. Immediately report any unusual system behavior or virus exposures to the computer Helpline, X4357.

Gil Omega
NVFEL Information Security Officer
DOD Information Systems Team

---------------

Back Orifice Trojan Horse

A computer virus (Trojan horse program) was sent in an e-mail message with an attached "extract.exe" file from ecojustice@aol.com. The message which accompanied the file said:

Dear Environmentalist,

I have attached several hundred internal documents from seven companies that I consider to be the worst environmental polluters in history. These were taken off numerous anonymous ftp sites and were therefore unknowingly posted to the Internet. I plan to make these documents public knowledge to expose their blatant disregard for the environment. The attached file is a sel-extracting [sic] archive and I encourage you to use this information as you see fit.

Attachment Converted: ... \extract.exe

The attachment, extract.exe, is an executable program containing a payload of the program Back Orifice. Back Orifice is a nasty new Trojan horse that came out recently; it is a remote control tool released by the Cult of the Dead Cow group. The Trojan horse allows an intruder to monitor and tamper with Windows 95 and Windows 98 computers over the Internet. There is no easy way for a computer user to know the attack is taking place, and there is no easy way to stop the attack once Back Orifice has installed itself on the computer.

In a typical attack, the intruder sends the Back Orifice Trojan horse to his victim as a program attached to e-mail. When the e-mail recipient executes the program attachment, the Trojan horse opens connections from the computer to the Internet. This allows the intruder to control the computer. The Trojan horse is invisible and will restart itself automatically even if Windows is re-booted.

Back Orifice allows a hacker to view and modify any files on the hacked computer. It can create a log file of the computer user's actions. It can take screen shots of the computer screen and send them back to the hacker. And it can be used to send messages to the user of the computer. Or it can simply crash the computer.

Basically it boils down to this: NEVER, EVER open an attached file from someone you don't know who sends you something over the Internet. I might add that America Online accounts are the most notorious. Reading an email text message won't cause a problem but running an attached file might. Delete the extract.exe file if you receive it and its Win95 registry entry.
-- END included message