- Comments: Gated by NETNEWS@AUVM.AMERICAN.EDU
- Path: sparky!uunet!europa.asd.contel.com!paladin.american.edu!auvm!MSU.BITNET!21765EDT
- X-Resent-From: Sally Laughon <LAUGHON@VTVM1>
- xFrom: KIDSNET MAILING LIST <KIDSNET@pittvms>
- Message-ID: <EDTECH%92090411054976@OHSTVMA.IRCC.OHIO-STATE.EDU>
- Newsgroups: bit.listserv.edtech
- Approved: NETNEWS@AUVM.AMERICAN.EDU
- Date: Fri, 4 Sep 1992 10:02:26 EDT
- Sender: "EDTECH - Educational Technology" <EDTECH@OHSTVMA.BITNET>
- Comments: Resent-From: EDTECH Moderator <21765EDT@MSU>
- From: "EDTECH Moderator" <21765EDT@MSU.BITNET>
- Subject: PKZIP Trojan Alert
- Lines: 108
-
- Date: 31 Jul 92 16:31:42 MDT
- From: JESMITH@starburst.uscolo.EDU
- Subject: PKZIP Trojan Alert
-
- _____________________________________________________
- The Computer Incident Advisory Capability
- _____________________________________________________
- INFORMATION BULLETIN
-
- PKZIP Trojan Alert
-
- JULY 8, 1992, 1700 PT Number C-27
-
- ________________________________________________________________________
- PROBLEM: Bogus versions of the PKZIP archiving software have been
- released to Bulletin Board Systems (BBS).
- PLATFORM: PCs running PC-DOS, or MS-DOS
- DAMAGE: One version attempts to erase the hard disk.
- DETECTION: Look for the files: PKZ201.ZIP, PKZ201.EXE, PKZIPV2.ZIP, or
- PKZIPV2.EXE
- REMOVAL: Save a copy of the files for CIAC, then delete the files. Do
- not extract or run these files.
- ________________________________________________________________________
- Critical Facts about the PKZIP Trojan
-
-
- CIAC has learned that two bogus versions of the popular archiving
- utility PKZIP for PC-DOS and MS-DOS machines are being circulated on
- several BBSs around the country. The two bogus versions of PKZIP are
- 2.01 (PKZ201.ZIP and PKZ201.EXE) and 2.2 (PKZIPV2.ZIP and
- PKZIPV2.EXE). If you have downloaded any of these files, do not
- attempt to use them. You risk the destruction of all the data on your
- hard disk if you do.
-
- At the current time, the released version of PKZIP is version 1.10. A
- new version of PKZIP is expected to be released in the next few months.
- Its version number was planned to be 2.00, but may be increased to a
- number greater than 2.2 to prevent confusion with the bogus versions.
- PKWARE Inc. has indicated it will never issue a version 2.01 or 2.2 of
- PKZIP. A good copy of the latest version of PKZIP can always be obtained
- from the PKWARE BBS listed below.
-
- According to PKWARE Inc., version 2.01 is a hacked version of PKZIP 1.93
- Alpha. While this version does not intentionally do any damage, it is
- alpha level software, and may have serious bugs in it.
-
- Version 2.2 is a simple batch file that attempts to erase your C:\ and
- C:\DOS directories. If your hard disk has been erased by this program,
- you may be able to recover it using hard disk undelete utilities such
- as those in Norton Utilities or PCTools. Don't do anything that might
- create or expand a file on your hard disk until you have undeleted the
- files, as doing so may overwrite the deleted files and destroy them.
- To examine a file to see if it is version 2.2, type it to the screen
- with the DOS TYPE command. If the file that prints on the screen is a
- short batch file with commands such as DEL C:\*.* or DEL C:\DOS\*.*,
- then you have the bogus file.
-
- If you should happen to see any of these files on a BBS, please contact
- the sysop of that BBS immediately, and ask him to remove them. If you
- have downloaded one of these files, please save a copy for CIAC, and
- then delete the files from your hard disk. PKWARE Inc. has also asked
- to be informed of any occurrences of these files, and can be reached
- at:
-
- Voice: 414-354-8699 BBS: 414-354-8670 FAX: 414-354-8559
-
- or by mail:
-
- PKWARE Inc.
- 9025 N. Deerwood Drive
- Brown Deer, WI 53223 USA
-
- For additional information or assistance, please contact CIAC:
-
- CIAC at (510) 422-8193/(FTS)
- FAX (510) 423-8002/(FTS)
- send e-mail to ciac@llnl.gov.
-
- PLEASE NOTE: Many users outside of the DOE and ESnet computing
- communities receive CIAC bulletins. If you are not part of these
- communities, please contact your agency's response team to report
- incidents. Some of the other teams include the NASA NSI response team,
- DARPA's CERT/CC, NAVCIRT, and the Air Force response team. Your
- agency's team will coordinate with CIAC.
-
- CIAC would like to acknowledge the contribution of: PKWARE Inc.
-
- This document was prepared as an account of work sponsored by an agency
- of the United States Government. Neither the United States Government
- nor the University of California nor any of their employees, makes any
- warranty, express or implied, or assumes any legal liability or
- responsibility for the accuracy, completeness, or usefulness of any
- information, apparatus, product, or process disclosed, or represents
- that its use would not infringe privately owned rights. Reference
- herein to any specific commercial products, process, or service by
- trade name, trademark, manufacturer, or otherwise, does not necessarily
- constitute or imply its endorsement, recommendation or favoring by the
- United States Government or the University of California. The views and
- opinions of authors expressed herein do not necessarily state or
- reflect those of the United States Government or the University of
- California, and shall not be used for advertising or product
- endorsement purposes.
-
-
- Submitted to EDTECH by Sally Laughon LAUGHON@VTVM1.BITNET
-
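The bulletin's DETECTION file names and its TYPE check for version 2.2, combined into one read-only triage script. This is an added example, not part of the CIAC bulletin or any PKWARE material; the function names and the sample files in `demo()` are constructed for illustration.

```python
import os
import re
import tempfile

# File names listed in the bulletin's DETECTION field.
SUSPECT_NAMES = {"PKZ201.ZIP", "PKZ201.EXE", "PKZIPV2.ZIP", "PKZIPV2.EXE"}

# DEL aimed at C:\*.* or C:\DOS\*.*, the commands the bulletin says to look for.
DEL_RE = re.compile(rb"^\s*@?\s*DEL\s+C:\\(DOS\\)?\*\.\*", re.I | re.M)


def classify(data: bytes) -> str:
    """Classify file content by reading it only; nothing is run or extracted."""
    if data[:2] == b"MZ":
        return "dos-exe"        # DOS executable header
    if data[:4] == b"PK\x03\x04":
        return "zip-archive"    # ZIP local file header
    if DEL_RE.search(data):
        return "batch-del"      # text matching the version 2.2 description
    return "unknown"


def scan(root: str, max_bytes: int = 4096):
    """Return sorted (path, kind) pairs for files under root with a listed name."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.upper() in SUSPECT_NAMES:   # DOS names are case-insensitive
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    hits.append((path, classify(fh.read(max_bytes))))
    return sorted(hits)


def demo():
    """Scan constructed sample files (placeholders, not real samples)."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "pkzipv2.exe": b"@ECHO OFF\r\nDEL C:\\*.*\r\nDEL C:\\DOS\\*.*\r\n",
            "PKZ201.EXE": b"MZ" + b"\x00" * 62,
            "PKZ110.EXE": b"MZ" + b"\x00" * 62,  # name not listed in the bulletin
        }
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return [(os.path.basename(p), kind) for p, kind in scan(tmp)]


if __name__ == "__main__":
    for name, kind in demo():
        print(f"{name}: {kind}")
```

A listed name is a hit whatever its content class; `batch-del` only identifies which of the two bogus versions the file resembles.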