VIRUS WARNING in Emails "Pleeeeeeease read!!!! it was on the news"

[BigBoy]

The following virus has been reported - sourcing in the UK.

Email Message: Pleeeeeeease read!!!! it was on the news
Virus: W32.1nstaK1LL.23.6
Creation date: 2004-12-17 03:45:12.43 GMT
Severity: High

Description: The "InstaKill" virus propagates through email attachments
and in forwarded email messages. Upon infection, the host computer
opens a port in a range specified within the virus code, enabling other
executable software to be downloaded and installed without the user's
knowledge. The virus then searches for Word documents, initially
looking within any directories containing the words "Private",
"Confidential" or "Personal", and also looking for any documents which
appear to contain bank or other financial information. It sends
financial documents by File Transfer Protocol (FTP) to a central
(infected) computer which is periodically scanned for this information.
It also attaches itself to a random Word document as a macro and emails
itself to all contacts within the infected computer user's Outlook,
Novell Groupwise or Palm Desktop address books. The email subject line
is a random text string from the infected document.

Patch: Because of the evolving nature of this virus, there is no patch
currently available.

Action:
1. Do not open Word documents with macros enabled, even from sources
you usually trust, without first verifying the contents and purpose of
file.
2. Prevention is currently better than cure - forward this virus
warning to your contacts to remain vigilant. Send only plain text
messages - do not send attachments.
3. Update your virus software daily as a patch will likely be
forthcoming.
4. There is a UK hotline for information on this virus. Call +44 1252
323625 (24 hours a day) for the latest information on this virus
threat.

 

[aD]

(Headers for the sake of (e-mail address removed), Cc:ed.
Path:
news.aaisp.net.uk!news-peer-lilac.gradwell.net!80.71.0.131.MISMATCH!caladan!border2.nntp.ams.giganews.com!nntp.giganews.com!news.cs.univ-paris8.fr!news.glorb.com!postnews.google.com!c13g2000cwb.googlegroups.com!not-for-mail
From: BigBoy <[email protected]>
Newsgroups: alt.comp.anti-virus
Subject: VIRUS WARNING in Emails "Pleeeeeeease read!!!! it was on the news"
Date: 20 Dec 2004 04:39:00 -0800
Organization: http://groups.google.com
Lines: 38
Message-ID: <[email protected]>
NNTP-Posting-Host: 212.240.89.182
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1103546345 1648 127.0.0.1 (20 Dec 2004 12:39:05
GMT)
X-Complaints-To: (e-mail address removed)
NNTP-Posting-Date: Mon, 20 Dec 2004 12:39:05 +0000 (UTC)
User-Agent: G2/0.2
Complaints-To: (e-mail address removed)
Injection-Info: c13g2000cwb.googlegroups.com; posting-host=212.240.89.182;
posting-account=-8_44w0AAADZY0SkbA9T9pWJwXGvFbkU
Xref: news.aaisp.net.uk alt.comp.anti-virus:59473

The following virus has been reported - sourcing in the UK.

The following hoax has been reported - sourcing in France. (I think)

Email Message: Pleeeeeeease read!!!! it was on the news

Usenet post: (e-mail address removed)

Virus: W32.1nstaK1LL.23.6

Hoax: VIRUS WARNING in Emails "Pleeeeeeease read!!!! it was on the news"

Creation date: 2004-12-17 03:45:12.43 GMT

Creation date: 2004-12-20 12:39:05 +0000 UTC

Severity: High

Severity: Unimportant

Action:
1. Do not open Word documents with macros enabled, even from sources
you usually trust, without first verifying the contents and purpose of
file.

Action:
1. They may actually have relevant advice, but don't let that fool you.

2. Prevention is currently better than cure - forward this virus
warning to your contacts to remain vigilant <snip>

2. They will always ask you to forward their "warning" to others. Report
the hoax to it's source.

3. Update your virus software daily as a patch will likely be
forthcoming.

3. Wonder why they don't do a more convincing job.

4. There is a UK hotline for information on this virus. Call <snip> (24
hours a day) for the latest information on this virus threat.

4. Don't telephone, email or otherwise communicate directly to any sources
quoted in the hoax, you could be harassing an innocent individual/business
or they could be harvesting information.

 

[Jeffrey A. Setaro]

[Snip]

4. Don't telephone, email or otherwise communicate directly to any sources
quoted in the hoax, you could be harassing an innocent individual/business
or they could be harvesting information.

Try plugging the phone number into Google...

<http://www.google.com/search?hl=en&...n-US:official&q="+44+1252+323625"&btnG=Search>


Cheers-

Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34

 

[aD]

[Snip]

4. Don't telephone, email or otherwise communicate directly to any sources
quoted in the hoax, you could be harassing an innocent individual/business
or they could be harvesting information.

Try plugging the phone number into Google...

<http://www.google.com/search?hl=en&...n-US:official&q="+44+1252+323625"&btnG=Search>

Hah, brilliant! I needed a laugh to break the endless Christmas card
writing ;-)

And I can't speel hoax.

aD

 

[David W. Hodgins]

2. They will always ask you to forward their "warning" to others. Report
the hoax to it's source.

Good times are here again...

Regards, Dave Hodgins