I forwarded a message about a Virus in PKZIP300.ZIP to CIAC. Dave Crawford (CIAC Team) confirmed this is a problem.

-jeanie larson
SETEC, Inc
719-532-1224
-- BEGIN included message
- To: jlarson@frii.com
- Subject: RE:[Fwd: **New and Dangerous Computer Virus** (fwd)]
- From: crawford@eek.llnl.gov (David Crawford)
- Date: Mon, 1 Apr 1996 15:21:14 -0800 (PST)
- Cc: ciac@llnl.gov
- In-Reply-To: <315FF8F0.180B@frii.com>
- References: <315FF8F0.180B@frii.com>
Jeanie,

The following is from PKWare:

It has come to PKWARE's attention that a trojan version of PKZIP is being distributed under the name PKZ300B.ZIP or PKZ300B.EXE. This version is not an official version and will attempt to destroy your HD. Delete it immediately if you have downloaded this version. If you have any further questions about this trojan version, contact PKWARE at: support@pkware.com.

============================ End PKWare Message ==========================

PKWare lists the following as known PKZIP related hacks (modified or bogus versions) as of 06/01/95:

    PKZIP120       Early hack of 1.1
    PKZIP20B       Hack of 1.1
    PKZIP_V2.EXE   Trojan, will erase hard drive
    PKZ201.ZIP     Hack of 1.93
    PKZ201.EXE     "
    PKX201.EXE     "
    PKZ210F.EXE    Unknown
    PKZIPV2        **TROJAN** will erase hard drives
    PKUNZIP.COM    Unknown
    PKZIP203.EXE   Unknown
    PUTAV 1.93     Fake putav program (Trojan)
    PKZIP 1.99     Unknown
    PKZIP 2.02     Unknown
    PKZIP 2.2      **TROJAN** destroys hard drives
    PKZ305.EXE     Hack of 1.93, fave AV, **VIRUS**
    PKZ41V.EXE     Hack of 1.93
    PKZ300B.ZIP    Trojan, will erase hard drives
    PKZ300B.EXE    "

If you have any questions or problems, please let us know.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer Incident Advisory Capability (CIAC)
David L. Crawford
(510)422-8193
(510)423-9905
ciac@llnl.gov
crawford1@llnl.gov
----------------------------------------------------------------------

> This is a multi-part message in MIME format.
>
> --------------4BCE5AF913CE
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> Folks:
>
> Is this for real??
>
> -jeanie
>
>
> Jeanie Larson
> SETEC, Inc. 719-532-1224
> Colorado Springs, CO 80920
>
> --------------4BCE5AF913CE
> Content-Type: message/rfc822
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> Return-Path: owner-www-security@ns2.rutgers.edu
> Received: from ns2.rutgers.edu (ns2.rutgers.edu [128.6.21.2]) by phobos.frii.com (8.6.12/8.6.9) with ESMTP id KAA11028 for <jlarson@frii.com>; Mon, 1 Apr 1996 10:41:14 -0700
> Received: (from daemon@localhost) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) id XAA14737 for www-security-outgoing; Sun, 31 Mar 1996 23:21:26 -0500
> Received: from juliet.stfx.ca (juliet.stfx.ca [141.109.2.2]) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) with SMTP id XAA14707 for <www-security@ns2.Rutgers.EDU>; Sun, 31 Mar 1996 23:20:53 -0500
> Received: by juliet.stfx.ca (AIX 3.2/UCB 5.64/4.10)
>     id AA61615; Mon, 1 Apr 1996 00:21:02 -0400
> Date: Mon, 1 Apr 1996 00:21:02 -0400 (AST)
> From: Still <x93ojg@juliet.stfx.ca>
> To: WWW Security <www-security@ns2.rutgers.edu>
> Subject: **New and Dangerous Computer Virus** (fwd)
> Message-Id: <Pine.A32.3.91.960401001924.44727B@juliet.stfx.ca>
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-www-security@ns2.rutgers.edu
> Precedence: bulk
> Errors-To: owner-www-security@ns2.rutgers.edu
> X-Mozilla-Status: 0001
>
> I don't know if this is a load of crap or not so feel free to believe as
> much of it as you want.
>
> >***Do not download any file named PKZIP300.ZIP regardless of the extension.***
> >
> >WARNING!!!!! Read the following and take note for those of you who have
> >access to the web and FTP sites ... BEWARE!!! Notify your friends and
> >family and total strangers too!!! No one wants to deal with this
> >whatsoever.
> >
> >A NEW Trojan Horse Virus has emerged on the internet with the name
> >PKZIP300.ZIP, so named as to give the impression that this file is a new
> >version of the PKZIP software used to "ZIP" (compress) files.
> >
> >DO NOT download this file under any circumstances!!! If you install or
> >expand this file, this virus will wipe your hard drive clean and affect
> >modems 14.4 or higher. This is an extremely destructive virus and as of yet
> >there is no way of cleaning this one up.
> >
> >*** DO NOT DOWNLOAD ANY FILE NAMED PKZIP300.ZIP REGARDLESS OF THE
> >EXTENSION!!!! ***
> >
> >
> >This message came in to Newfoundland Light and Power on March the 29th at
> >1:18 pm NST. Please. This is not a joke. This is serious. If you have
> >already heard about it, this is a reminder. If you haven't, take heed.
> >
> >
> >Andrew Laffin
> >*---------------------------------------------------------------------------
> >-------*
> >* Andrew Laffin/Ray Banfield
> >* * c/o Ray Banfield
> >* * rbanfiel@terra.nlnet.nf.ca
> >* * CSHL: Marystown Bootleggars
> >* * STRPG: Lt Andrew Myst
> >* * XFRPG: SA-1 Andrew Faust, Sa-9 Paul O'Niell
> >* * EHL: Marystown Monsters
> >*
> >*___________________________________________________________________________
> >_______
> >* You know your starship captain is a redneck when he has flames and a NRA
> >sticker * * painted on his warp nacelles
> >*
> >*___________________________________________________________________________
> >_______*
> >Trivia Question- What does a bartender from Cheers and a Captain of the
> >Starship Enterprise Have in common. All answers should be
> >sent to Andrew Laffin at rbanfiel@terra.nlnet.nf.ca.
> >Watch this space for the answer and a new question shortly
> >after Easter. Unless someone knows the answer......!
> >----------------------------------------------------------------------------
> >------
> >
>
> --------------4BCE5AF913CE--
-- END included message