[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] PrettyPark: Part worm, part Trojan
From:       cult hero <jericho () dimensional ! com>
Date:       1999-06-10 10:58:40
[Download RAW message or body]


Forwarded From: Raj Mathur <raju@sgi.com>


PrettyPark hits Windows users hard

Victims of e-mail virus increase 2,000 percent over the weekend,
Symantec reports.

By Shauna Sampson, ZDTV
June 7, 1999 4:25 PM PT

PrettyPark, a French e-mail virus, got a tremendous boost from home PC
users this weekend. Anti-virus software maker Symantec said it has
observed an increase of 2,000 percent in apparent victims since Friday. 

These victims of the virus, which is being described as a worm with Trojan
capabilities, are likely Microsoft Windows users who are being sent to a
custom Internet relay chat channel without their knowledge.  Once there,
victims' personal data -- ranging from e-mail address book lists,
operating system preferences and registration numbers, passwords, and form
data (including stored credit card information) -- can be potentially
retrieved from the victim's PC without their knowledge by the virus
writer. 

PrettyPark is the first known worm with Trojan capabilities and its very
own custom IRC channel. "This virus took months to write, and it's creator
put a great deal of effort into it," says Steve Trilling of Symantec
(Nasdaq:SYMC). "But it only took us 15 minutes to come up with the cure." 

However, consumers are being hit harder by the virus because they are less
likely to update their anti-virus software than large companies or
businesses and are more likely to open and run executables sent by what
appears to be family or friends. 

Spread via e-mail

The virus is spread when PC users open an attached e-mail program file
named "PrettyPark.EXE". When executed, it may display the Windows 3D pipe
screen saver while it creates and sends duplicate files of itself to
e-mail addresses listed in the user's Internet address book.  PrettyPark
will run this routine every 30 seconds, without the user's knowledge. It
will also connect to the custom IRC channel while the PC owner is on the
Internet or reading e-mail while connected to a remote server. 

PrettyPark: Part worm, part Trojan

So far only Windows-based systems seem to be vulnerable, the virus is
definitely spreading and anti-virus software manufacturers are expecting
to see more victims in the IRC chat rooms. 

Protecting yourself

In order to protect themselves from PrettyPark and other viruses, PC users
should update their anti-virus software and avoid opening e-mail
attachments. 

Researchers are trying to determine if other e-mail programs, such as
Eudora and Lotus Notes, are vulnerable, presently the Mac and Linux
Operating Systems do not seem to be effected. 

Use of ZDNet is subject to certain Terms & Conditions.Please read ZDNet's
Privacy Statement (reviewed by TRUSTe). Copyright (c) 1999 ZDNet. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission of ZDNet is prohibited.  ZDNet and the
ZDNet logo are trademarks of Ziff-Davis Inc. 


-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]

[prev in list] [next in list] [prev in thread] [next in thread]