Politics : Ask Michael Burke


To: Knighty Tin who wrote (92472) 9/26/2001 8:28:21 AM
From: JHP
 
Trojan Makes Travesty of Tragedy

Social engineering schmucks create WTC Trojan

Imagine a virus writer with no conscience and a really sick imagination. The mass-mailing email worm, Vote.A, is the viral product of just such a person. Pretending to be a means to vote for peace between Islam and America, the worm arrives in email with the subject line:

Peace BeTweeN AmeriCa and IsLaM!

and body text that reads:

Hi
iS iT A waR Against AmeriCa Or IsLaM !?
Let's Vote To Live in Peace!

The attachment, WTC.EXE, carries a malicious payload capable of deleting system files and reformatting the hard drive. The worm also attempts deletion of antivirus programs installed in default locations.

When executed, the Vote.A worm drops two files on the system: ZaCker.vbs is placed in the Windows directory and MixDaLaL.vbs is placed in the Windows\System folder. Vote.A also attempts to download a backdoor access Trojan that, if successful, could grant an unsavory third-party the same access rights as the legitimate user. According to antivirus vendor Symantec, the MixDaLaL.vbs file is responsible for seeking out files with the extensions .htm or .html and overwriting them with the message:

AmeRiCa ...Few Days WiLL Show You What We Can Do !!! It's Our Turn >>> ZaCkEr is So Sorry For You

The system registry is modified to call ZaCker.vbs at the next system startup, at which time the worm attempts to delete all files in the Windows directory. It also overwrites the Autoexec.bat file, adding the command to reformat the hard drive. On Windows systems that invoke the Autoexec.bat file on startup, the subsequent boot up after this modification would result in the drive being reformatted. Finally, the worm displays the following dialog:


Graphic courtesy of Symantec®

Manual Removal
Do not reboot the system until the following steps have been taken:

1. Modify the system registry to remove the subkey:

Norton.Thar C:\Windows\System\ZaCker.vbs

from the registry key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

2. Modify the autoexec.bat file to remove the line

echo Y | format C

3. Delete the following files:

Windows\ZaCker.vbs
Windows\System\MixDaLaL.vbs

Prevention
Even in the best of times, email attachments should be viewed with suspicion. Given current world events, blocking of all executable-type attachments is a reasonable and prudent precaution. Additionally, antivirus software should be updated as often as the vendor makes updates available.
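A check for the indicators named in the removal steps of the post above, added here as an example (not part of the original post or the quoted article). It assumes the Run key has been exported from regedit in REGEDIT4 text format and that autoexec.bat is read as text; the function names and sample inputs are constructed for illustration.

```python
import re

# Indicators named in the article above.
RUN_VALUE_NAME = "norton.thar"
DROPPED_SCRIPTS = ("zacker.vbs", "mixdalal.vbs")
RUN_KEY_SUFFIX = r"\microsoft\windows\currentversion\run]"
# "echo Y | format C", tolerant of case, spacing, a leading @ and a trailing colon.
FORMAT_LINE = re.compile(r"^\s*@?\s*echo\s+y\s*\|\s*format\s+c\b:?", re.IGNORECASE)
REG_VALUE = re.compile(r'"([^"]+)"="(.*)"$')

def clean_autoexec(text):
    """Return (cleaned_text, removed_lines) with the format command stripped."""
    kept, removed = [], []
    for line in text.splitlines():
        (removed if FORMAT_LINE.match(line) else kept).append(line)
    return "".join(l + "\r\n" for l in kept), removed

def suspicious_run_values(reg_export):
    """List (name, data) pairs under a Run key that match the indicators."""
    hits, in_run = [], False
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run = line.lower().endswith(RUN_KEY_SUFFIX)
            continue
        m = REG_VALUE.match(line)
        if in_run and m:
            # regedit exports double every backslash inside string data
            name, data = m.group(1), m.group(2).replace("\\\\", "\\")
            if name.lower() == RUN_VALUE_NAME or data.lower().endswith(DROPPED_SCRIPTS):
                hits.append((name, data))
    return hits

# Constructed sample inputs (not captured from a real system).
SAMPLE_AUTOEXEC = "@ECHO OFF\r\nSET PATH=C:\\WINDOWS\r\necho Y | format C\r\n"
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Norton.Thar"="C:\\Windows\\System\\ZaCker.vbs"
'''

if __name__ == "__main__":
    cleaned, removed = clean_autoexec(SAMPLE_AUTOEXEC)
    print("removed from autoexec.bat:", removed)
    print("Run values to delete:", suspicious_run_values(SAMPLE_REG))
```

Neither function writes to disk; the cleaned autoexec.bat text and the list of Run values are returned for review before anything is changed.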






To: Knighty Tin who wrote (92472) 9/26/2001 9:13:34 AM
From: Terry Maloney
 
KT, that growl was definitely a classic. <g> I pretty much liked all his stuff, sappy or not, because of his incredible voice.



To: Knighty Tin who wrote (92472) 9/26/2001 9:19:56 AM
From: Knighty Tin
 
To All, I am so happy a certain bunch of Boise bandits did so well last quarter. <VBG>



To: Knighty Tin who wrote (92472) 9/27/2001 9:48:47 AM
From: Dave Feldman
 
Ever heard "Candy Man?" A rare upbeat Orbison with prominent harmonica. Cool song.