(Fwd) Virus Propagated by Pegasus Mail

From: Keith Wyatt (kewat_private)
Date: Thu Aug 26 1999 - 22:38:14 PDT

    ------- Forwarded message follows -------
    Priority:       	normal
    Date sent:      	Thu, 26 Aug 1999 21:56:31 -0400
    Send reply to:  	Pegasus Mail Announcments <PM-NEWSat_private>
    From:           	Andrew Morrow <Andrewat_private>
    Subject:        	Virus Propagated by Pegasus Mail
    To:             	PM-NEWSat_private
    
    We have received a number of reports about a virus that uses Pegasus
    Mail to propagate itself.
    
    Information about the virus is available from a number of makers of
    anti-virus products:
    
      <http://www.sophos.com/downloads/ide/index.html#toadie>
      <http://www.symantec.com/avcenter/venc/data/termite.7800.html>
      <http://www.Europe.DataFellows.com/v-descs/toadie.htm>
      <http://vil.nai.com/vil/vfi10235.asp>   (same as mcafee.com)
    
    The virus does not destroy data files but it can destroy infected
    program files if the timestamps of those files are changed.  As well,
    infected programs will refuse to run between certain times of the
    evening (local time).
    
    When an infected program is run, the virus attempts to propagate
    itself by looking for unsent Pegasus Mail messages and adding itself
    as an attachment to those messages.  (We are still investigating the
    exact technique used by the virus, with an eye towards enhancing
    Pegasus Mail to detect an infected message and prevent it from
    spreading.)  The people at Sophos have told us that the virus program
    often crashes while replicating, so the risk of infection appears to
    be quite low.  As well, since the virus appears to look for *.PMW
    files to attach itself to, Pegasus Mail users on networks using
    Mercury or users with the "send mail at once" option enabled run a
    low risk of passing on the virus.
    
    It is IMPORTANT to note that the recipient does NOT have to be using
    Pegasus Mail as their mail client in order for their machine to
    become infected.  You should ALWAYS be careful about running
    executable attachments, even if they come from someone that you
    trust!
    
    Please contact your favourite anti-virus software vendor for
    information on their products to both detect and remove this virus.
    
    On behalf of David Harris,
    
    Cheers!
    
    Andrew.
    
    --------------------------------------------------------------------
    Andrew Morrow   home:andrewat_private
    office:amorrowat_private
    
    Member of the Pegasus Mail Support Group
    List owner of the PMAIL, PM-WIN, PM-DOS, PM-MAC and MERCURY
    lists
    
    ------- End of forwarded message -------
    --
    Best Regards,
    
    Keith
    --------------------------------------------------------------------------
    Home page http://www.teleport.com/~kew/
    Ham, Scanner & Radio Page http://n6jpa.htmlplanet.com/
    Subscribe to SWL Utility Talk Mail List at:
    http://www.onelist.com/subscribe/ute-talk
    --------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:59:08 PDT