pecet: PC FORMAT December Cover CD-ROM: infected

PC FORMAT December Cover CD-ROM: infected

Autor: by way of (F-PROT-Support_at_DataFellows.com)
Data: Thu 18 Dec 1997 - 10:13:30 MET

Następna wiadomość: Paweł Boguszewski: "Re: Z INTERNETU do GSM"
Poprzednia wiadomość: R.Zylla: "Re: okidata drukarka problem"
Wiadomości sortowane wg: [ datay ] [ wątku ] [ tematu ] [ autora ] [ załącznik ]

PC FORMAT December Cover CD-ROM: infected

The December 1997 issue of the popular European PC Format magazine,
published by UK-based Future Publishing, contains two cover CD-ROMs. One of
them contains files infected by a Word Macro virus.

PC Format is one of the most popular English-language computer magazines in
Europe. Issue 77 was distributed in the beginning of December with two
CD-ROMs attached to its cover: The demo CD contains three infected files.

The infected files are:
      \TECH\COMMAND\SOLOINFO.TXT
      \TECH\COMMAND\SOLOPR~1.TXT
      \TECH\COMMAND\COMPAT~1.TXT

By default, Windows opens such files to Notepad, where they appear to be
unreadable. The infected files are Microsoft Word document (.DOC) files
that have been renamed with a .TXT extension. These files should be
harmless unless opened with Microsoft Word 6, Word 95 or Word 97.

Future Publishing is aware of the situation and has published a statement,
with comments such as "...The CD-ROM is infected with a virus, but only a
teeny weeny one".

The virus in question is called WM/Imposter.E. It is also known as Wormy-1
by the text it displays. This virus was probably written in Greece, during
Summer 1997. WM/Imposter.E is a Word macro virus, and will spread within
.DOC files.

The first time a document with this virus is opened using Microsoft Word,
the virus will display the following message in the status bar upon exit:

WORMY-1 by NAENBGOURSG

The virus will proceed to infect every following document as it is saved,
also re-infecting files that have been infected already. The virus code
also contains the following text:

      by NAENBGOURSG
      SO.HT.AI.KS
      231076-GREECE
      Thanks to NEURO
      VRD 19-4-1997
      VRP A.U.A

F-PROT Professional, F-Secure Anti-Virus and F-MACRO have all been able to
detect and remove WordMacro/Imposter.E since July 1997. However, document
files with non-standard extensions are only scanned if you specify All
Files from the scan settings.

If you suspect that you might be infected by this virus, you can download a
copy of F-Secure Anti-Virus or the free F-MACRO utility from our Download
Gallery at http://www.DataFellows.com/gallery/

Read more information about this incident at
http://www.DataFellows.com/news/vir-news/

Następna wiadomość: Paweł Boguszewski: "Re: Z INTERNETU do GSM"
Poprzednia wiadomość: R.Zylla: "Re: okidata drukarka problem"
Wiadomości sortowane wg: [ datay ] [ wątku ] [ tematu ] [ autora ] [ załącznik ]

To archiwum zostało wygenerowane przez hypermail 2.1.7 : Tue 18 May 2004 - 16:38:33 MET DST