[ISN] PrettyPark: Part worm, part Trojan

From: cult hero (jerichoat_private)
Date: Thu Jun 10 1999 - 03:58:40 PDT

  • Next message: cult hero: "[ISN] A Mouse That Roars?"

    Forwarded From: Raj Mathur <rajuat_private>
    PrettyPark hits Windows users hard
    Victims of e-mail virus increase 2,000 percent over the weekend,
    Symantec reports.
    By Shauna Sampson, ZDTV
    June 7, 1999 4:25 PM PT
    PrettyPark, a French e-mail virus, got a tremendous boost from home PC
    users this weekend. Anti-virus software maker Symantec said it has
    observed an increase of 2,000 percent in apparent victims since Friday. 
    These victims of the virus, which is being described as a worm with Trojan
    capabilities, are likely Microsoft Windows users who are being sent to a
    custom Internet relay chat channel without their knowledge.  Once there,
    victims' personal data -- ranging from e-mail address book lists,
    operating system preferences and registration numbers, passwords, and form
    data (including stored credit card information) -- can be potentially
    retrieved from the victim's PC without their knowledge by the virus
    PrettyPark is the first known worm with Trojan capabilities and its very
    own custom IRC channel. "This virus took months to write, and it's creator
    put a great deal of effort into it," says Steve Trilling of Symantec
    (Nasdaq:SYMC). "But it only took us 15 minutes to come up with the cure." 
    However, consumers are being hit harder by the virus because they are less
    likely to update their anti-virus software than large companies or
    businesses and are more likely to open and run executables sent by what
    appears to be family or friends. 
    Spread via e-mail
    The virus is spread when PC users open an attached e-mail program file
    named "PrettyPark.EXE". When executed, it may display the Windows 3D pipe
    screen saver while it creates and sends duplicate files of itself to
    e-mail addresses listed in the user's Internet address book.  PrettyPark
    will run this routine every 30 seconds, without the user's knowledge. It
    will also connect to the custom IRC channel while the PC owner is on the
    Internet or reading e-mail while connected to a remote server. 
    PrettyPark: Part worm, part Trojan
    So far only Windows-based systems seem to be vulnerable, the virus is
    definitely spreading and anti-virus software manufacturers are expecting
    to see more victims in the IRC chat rooms. 
    Protecting yourself
    In order to protect themselves from PrettyPark and other viruses, PC users
    should update their anti-virus software and avoid opening e-mail
    Researchers are trying to determine if other e-mail programs, such as
    Eudora and Lotus Notes, are vulnerable, presently the Mac and Linux
    Operating Systems do not seem to be effected. 
    Use of ZDNet is subject to certain Terms & Conditions.Please read ZDNet's
    Privacy Statement (reviewed by TRUSTe). Copyright (c) 1999 ZDNet. All
    rights reserved. Reproduction in whole or in part in any form or medium
    without express written permission of ZDNet is prohibited.  ZDNet and the
    ZDNet logo are trademarks of Ziff-Davis Inc. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: OSAll [www.aviary-mag.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:24:30 PDT