More viruses being sent directly to list users

John Farrington jfarr at LIVINGSTON.NET
Sun Dec 19 18:22:25 EST 1999


Virus attachments to E-mails continue to be E-mailed directly to users
of this list (not via the list):                     ^^^^^^^^
              ^^^^^^^^^^^^^^^^
On 12/18/99 Dave (AI7R, List Admin) mentioned that:
> Myself and at least one other person have gotten a message from an
> unknown source that contained what looked like a copy of the bboy.exe
> (Bubble Boy) virus.  We didn't open it to find out of course, and
> that's exactly what you have to do if you get one...not open it.

Today I received a similar worm attachment named "HOG.EXE", so be
warned that someone with access to this list is sending destructive
virus/worm files directly to our E-mail addresses copied from the
list. There is a notice about these worms and others on Symantec's
site at:

  http://www.symantec.com/avcenter/venc/data/worm.newapt.html

The E-mail message will have a subject line from messages posted on
the Heath list, and the return address may be forged to make it look
like it originated from yourself via your local ISP.

The attached worm file may be named something like these:

   g-zilla.exe, cooler3.exe, cooler1.exe, copier.exe, video.exe,
   pirate.exe, goal1.exe, hog.exe, party.exe, saddam.exe, monica.exe,
   boss.exe, farter.exe, cheeseburst.exe, panther.exe, theobbq.exe,
   goal.exe, baby.exe, bboy.exe, cupid2.exe, fborfw.exe, casper.exe,
   irnglant.exe, or gadget.exe.

In this case the bogus E-mail came from or via 209.123.116.60, which
belongs to:

    Net Access Corp., 110 S. Jefferson Rd, Newton, NJ, 07860,
 and/or               104 Broadway, Denville, NJ, 07834,
     Coordinator Ryan Pavely  (201) 983-0725
                 paradox at NAC.NET,

so perhaps someone on our list has local access to that phone number
and could inform Mr. Pavely that one of NAC's addresses is being used
to forward virus files. Maybe they have the means to trace it.

73

John Farrington  KE5ZB











A worm named HOG.EXE

Sponsored by the City of Tempe 

Listserver Submissions:  heath at listserv.tempe.gov
Listserver Subscription: listserv at listserv.tempe.gov - "subscribe heath 'name' 'call'"
Listserver Unsubscribe: listserv at listserv.tempe.gov - "signoff heath"
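
A mail-filter check for the indicators described in the message above, added here as an example and not part of the original post. The function names, addresses and sample messages are constructed for illustration. Because the post says the names are only "something like these", any other .exe attachment is also flagged.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment names listed in the post, lower-cased for comparison.
WORM_NAMES = set("""g-zilla.exe cooler3.exe cooler1.exe copier.exe video.exe
pirate.exe goal1.exe hog.exe party.exe saddam.exe monica.exe boss.exe
farter.exe cheeseburst.exe panther.exe theobbq.exe goal.exe baby.exe bboy.exe
cupid2.exe fborfw.exe casper.exe irnglant.exe gadget.exe""".split())

def check_message(raw: bytes, recipient: str) -> list:
    """Return the reasons a raw RFC 822 message matches the post's indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name in WORM_NAMES:
            reasons.append("attachment name on worm list: " + name)
        elif name.endswith(".exe"):
            reasons.append("executable attachment: " + name)
    # The post notes the return address may be forged to look like your own.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if reasons and sender == recipient.lower():
        reasons.append("From equals recipient (possible forged return address)")
    return reasons

def build_sample(sender: str, recipient: str, filename=None) -> bytes:
    """Build a constructed test message; the attachment bytes are a dummy."""
    m = EmailMessage()
    m["From"], m["To"] = sender, recipient
    m["Subject"] = "Re: constructed list subject"
    m.set_content("constructed body text")
    if filename:
        m.add_attachment(b"constructed dummy bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    me = "user@example.net"  # constructed address
    for reason in check_message(build_sample(me, me, "HOG.EXE"), me):
        print(reason)
```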



