To: patriotcadet who wrote (41619) 12/9/1999 9:27:00 AM From: Frederick Langford
MCAF Virus Advisory: Network Associates Upgrades Risk Assessment on Babylonia Worm; T

/FROM PR NEWSWIRE SAN FRANCISCO 415-543-7800/ -- WITH PHOTO -- TO BUSINESS AND TECHNOLOGY EDITORS:

Virus Advisory: Network Associates Upgrades Risk Assessment on Babylonia Worm; The First Automatically Updating Virus

New W95.Babylonia.worm Arrives Disguised as a Y2K Bug Fix; Allows Virus Writers to Deliver New Payloads over the Internet

SANTA CLARA, Calif., Dec. 7 /PRNewswire/ -- AVERT (Anti-Virus Emergency Response Team), a division of NAI Labs at Network Associates, Inc. (Nasdaq: NETA), today assigned a "Medium -- On Watch" risk assessment for the recently discovered W95.Babylonia.worm, the first of a new class of virus that automatically updates its payload via the Internet. First discovered by AVERT, on December 6, Babylonia is spreading through more than 20 locations on several continents, and can deliver varied destructive payloads by automatically downloading new components via the Internet. The worm also has the capability to strike on a specific date and time (e.g. possibly re-format user hard drives on January 1, 2000). Users are advised to update their anti-virus software to detect Babylonia on infected systems. For immediate Internet gateway protection to disable Babylonia's updating capabilities, users of Network Associates' WebShield gateway antivirus and Gauntlet Firewall products can also block the necessary outbound Internet traffic to specific IP addresses.

(Photo: newscom.com)

Symptoms

Babylonia is a complex 32bit worm distributed via Internet Relay Chat virtual meeting channels by mIRC, the most popular chat application for the Windows operating system. The file arrives disguised as a Y2K bug fix sent by another member of an active channel. If the "2KBug-MircFix.exe" file is executed, the user will become infected.
The system will not display obvious signs of infection (though the Autoexec.bat may be modified and an email may be surreptitiously sent to an email account), but the payloads may be changed through Babylonia's Internet updating capability.

Pathology

Babylonia will monitor for an Internet connection and if made, will attempt to connect to a virus authoring group website hosted in Japan to download new components of the virus. When the components are downloaded, the virus will use them to further spread and/or will execute the newly delivered payload. The existing components instruct the virus to send the email to a specific email account and to modify the Autoexec.bat as noted above. If mIRC is installed, the existing components will modify the script.ini configuration file, and when the user connects to an IRC channel the virus infected file "2KBug-MircFix.exe" will be automatically sent to all other connected parties. New components simply need to be listed on the Web site to be downloaded onto the user's machine and executed via the virus, which checks back with the Web site every 60 seconds when an Internet connection is active. Thus a more malicious payload could take effect almost instantly if released when a high percentage of users were likely to be online.

Cure

To avoid the risk of contracting Babylonia, it is recommended that corporate customers download the new EXTRA.DAT and upgrade to the latest version of their Network Associates anti-virus software at nai.com. Consumers can find protection and needed information at McAfee.com Corporation's (Nasdaq: MCAF) mcafee.com.

With headquarters in Santa Clara, Calif., Network Associates, Inc. is dedicated to providing leading enterprise network security and management software. AVERT, the anti-virus research division of NAI Labs, currently employs more than 90 virus researchers and maintains labs on five continents worldwide.
In addition to studying new and existing security threats, AVERT serves as a global resource for virus information and provides rapid, follow-the-sun support for virus emergencies worldwide. AVERT has also introduced a Risk Assessment system for ranking the relative danger posed by new viruses discovered "in the wild." AVERT Risk Assessment is the first system created by virus research experts to help network administrators assess the risk associated with new virus outbreaks. For more information, Network Associates can be reached at 972-308-9960 or on the Web at nai.com.

NOTE: Network Associates, Gauntlet, VirusScan and McAfee are registered trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

SOURCE Network Associates, Inc.

/CONTACT: John Sun of Network Associates, Inc., 408-346-5344; or Kelly Shall of Copithorne & Bellows, 415-538-7540, for Network Associates, Inc.; or Consumers, Caroline Carey of McAfee.com, 408-572-1515; or Michelle Michalak of Copithorne & Bellows, 415-975-2293, for McAfee.com/
/Photo: NewsCom: newscom.com Archive: photoarchive.ap.orgprn Photo Desk, 888-776-6555 or 201-369-3467/
/Company News On-Call: prnewswire.com or fax, 800-758-5804, ext. 128095/
/Web site: mcafee.com
/Web site: nai.com

Dec-09-1999 00:06 GMT
Symbols: US;NETA US;MCAF
Source PRN PR NewsWire
Categories: NWR/CA NWI/CPR NWI/MLM
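
The 60-second check-in described in the release leaves a network signature: one client contacting one destination on a fixed timer, with pauses while the connection is down. As an added example (not part of the release or of any Network Associates product), this Python code flags such client/destination pairs in an outbound proxy or firewall log. The log format, host names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log, one request per line: "timestamp client destination".
SAMPLE_LOG = """\
1999-12-09T09:00:00 ws-17 updates.example.test
1999-12-09T09:00:10 ws-22 news.example.test
1999-12-09T09:00:45 ws-22 news.example.test
1999-12-09T09:01:01 ws-17 updates.example.test
1999-12-09T09:02:00 ws-17 updates.example.test
1999-12-09T09:03:02 ws-17 updates.example.test
1999-12-09T09:04:30 ws-22 news.example.test
1999-12-09T09:05:02 ws-22 news.example.test
1999-12-09T09:07:01 ws-17 updates.example.test
1999-12-09T09:08:00 ws-17 updates.example.test
1999-12-09T09:11:40 ws-22 news.example.test
1999-12-09T09:12:00 ws-09 mail.example.test
1999-12-09T09:13:00 ws-09 mail.example.test
1999-12-09T09:14:00 ws-09 mail.example.test
"""

def parse(log):
    """Yield (client, destination, timestamp) for each log line."""
    for line in log.strip().splitlines():
        ts, client, dest = line.split()
        yield client, dest, datetime.fromisoformat(ts)

def on_timer(gap, period, tolerance):
    """True if gap is close to a whole multiple of period.

    Multiples cover check-ins missed while the connection was down.
    """
    k = max(1, round(gap / period))
    return abs(gap - k * period) <= tolerance

def find_beacons(log, period=60.0, tolerance=5.0, min_hits=5):
    """Return {(client, dest): hit_count} for pairs polled every ~period seconds."""
    seen = defaultdict(list)
    for client, dest, ts in parse(log):
        seen[(client, dest)].append(ts)
    flagged = {}
    for pair, stamps in seen.items():
        if len(stamps) < min_hits:      # too few requests to call it a timer
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if all(on_timer(g, period, tolerance) for g in gaps):
            flagged[pair] = len(stamps)
    return flagged

if __name__ == "__main__":
    for (client, dest), hits in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {dest}: {hits} requests on a 60 s timer")
```

A flagged pair is a lead for host triage and a candidate for the outbound block the release recommends; legitimate pollers on the same interval will also match and need allow-listing.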