Received: from LOCALNAME ([153.34.254.134]) by spain.it.earthlink.net (8.7.5/8.7.3) with SMTP id WAA24437; Tue, 17 Sep 1996 22:00:13 -0700 (PDT)
Date: Tue, 17 Sep 1996 22:00:13 -0700 (PDT)
Message-Id: <1.5.4.16.19960918010957.3a1f7980@earthlink.net>
X-Sender: nswpp@earthlink.net
X-Mailer: Windows Eudora Light Version 1.5.4 (16)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: nswpp@earthlink.net
From: NSWPP-CSU 
Subject: URGENT VIRUS WARNING!!!

                                VERY IMPORTANT!!!      


There is a computer virus that is being sent across the Internet. If  you
receive an email message with the subject line "Good  Times", DO NOT read 
the message, DELETE it immediately.  Please read the messages below.
     
Some miscreant is sending e-mail under the title "Good Times"
nationwide, if you get anything like this, DON'T DOWN LOAD THE FILE! It
has a virus that rewrites your hard drive, obliterating anything on it. 
Please be careful and forward this mail to anyone you care about.
     
The FCC released a warning last Wednesday concerning a matter of
major importance to any regular user  of the Internet. Apparently a new
computer virus has been engineered by a user of AMERICA ON LINE that is
unparalleled in its destructive capability. Other more well-known viruses
such as "Stoned", "Airwolf" and "Michaelangelo" pale in comparison to the
prospects of this newest creation by a warped mentality. What makes this
virus so terrifying, said the FCC, is the fact that no program needs to be
exchanged for a new computer to be infected. It can be spread through the
existing email systems of the Internet.
     
Once a Computer is infected, one of  several things can  happen. If
the computer contains a hard drive, that  will most likely be 
destroyed. If the program is not stopped, the computer's processor will
be placed in an nth-complexity infinite binary loop -which can severely
damage the processor if left running that way too long.
     
Unfortunately, most novice computer users will not realize what is 
happening until it is far too late. Luckily, there is one sure means of
detecting what is now known as the "Good Times" virus. It always travels
to new computers the same way in a text email message with the subject
line reading "Good Times". Avoiding infection is easy once the file has
been received simply by NOT READING IT! The act of loading the file into
the mail server's ASCII buffer causes the "Good Times" mainline program to
initialize and execute.

The program is highly intelligent- it will  send copies of itself
to everyone whose email address is contained in a receive-mail file or a
sent-mail file, if it can find one. It will then proceed to trash the
computer it is running on.
     
The bottom line is:  - if you receive a file with the subject line
"Good  Times", delete it  immediately! Do not read it"  Rest assured that
whoever' name was on the  "From" line was surely struck by the virus. Warn
your friends and  local system users of this newest threat to the Internet!
It could save them a lot of time and money.
     
     
     
2ND Subject:  New and Dangerous Virus For your information ...
     
DO NOT DOWNLOAD ANY FILE NAMED PKZIP300 REGARDLESS OF THE EXTENSION
     
We work closely with the military and received this message from a 
very reliable source in DC this morning.
     
A NEW Trojan Horse Virus has emerged on the internet with the name 
PKZIP300.ZIP, so named as to give the impression that this file is
a new  version of the PKZIP software used to "ZIP" (compress) files.
     
DO NOT DOWNLOAD this file under any circumstances!!! If you install 
or expand this file, the virus WILL wipe your hard disk clean and
affect modems at 14.4 and higher. This is an extremely destructive virus
and there is NOT  yet a way of cleaning up this one.
     
REPEAT: DO NOT DOWNLOAD ANY FILE NAMED PKZIP300 REGARDLESS OF THE  EXTENSION.
     






	"This destiny does not tire, nor can it be broken, and its mantle of
strength descends upon those in its service." - Francis Parker Yockey, IMPERIUM









Received: from LOCALNAME (Cust121.Max4.Raleigh.NC.MS.UU.NET [153.34.254.121]) by andorra.it.earthlink.net (8.7.5/8.7.3) with SMTP id PAA12211; Thu, 19 Sep 1996 15:46:13 -0700 (PDT)
Date: Thu, 19 Sep 1996 15:46:13 -0700 (PDT)
Message-Id: <1.5.4.16.19960919185345.2e07f554@earthlink.net>
X-Sender: nswpp@earthlink.net
X-Mailer: Windows Eudora Light Version 1.5.4 (16)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: nswpp@earthlink.net
From: NSWPP-CSU 
Subject: New Kind of Internet Attack Spreading

TO ALL SUBSCRIBERS:

        Several people have contacted us and stated that the "Good Times"
virus warning we sent you several days ago was a widespread Internet hoax
and that there is no such virus, although the second warning about ZIP300
was genuine.
That may be true, but we figured it was better to be safe than sorry so we
passed the warning along to you.

        The attached article is legit and it deals with another form of
Internet sabotage. Most of the users on this list are concerned with Net
freedom and we need to keep up with anything that threatens it.

NEW KIND OF INTERNET ATTACK SPREADING 
By JOHN MARKOFF

NEW YORK  --  A new type of Internet sabotage reported recently by
a small New York-based service provider is spreading and has now
occurred at least a dozen other World Wide Web sites around the
nation.

So far, the attacks, which tie up network computers so other
users cannot have access to them, have created more of a nuisance
than any real damage. But they have inconvenienced organizations
that include the Public Access Networks Corp. and the Internet
Chess Club.

And while the federally financed Computer Emergency Response
Team at the Software Engineering Institute at Carnegie-Mellon
University believes the incidents are primarily the work of
unsophisticated vandals who are passing around a recipe for this
type of break-in, officials concede that there is no easy defense
against the attack.

The response team is preparing a warning that will be
distributed over the Internet to government, university and
corporate network administrators.

The attacks, first reported on Sept. 12 by the operators of
Public Access Networks in New York, actually began about six weeks
ago, according to Computer Emergency Response Team officials. The
identities of the victims of these earlier attacks have not yet
been released.

By bombarding an Internet server with more than one hundred
requests for service each second, each coming from a randomly
generated false address, the attacker is able to shut out
legitimate users.

Computer Emergency Response Team officials said they were
drafting an advisory that they planned to release by the end of
Thursday. The warning will detail the nature of the attack and its
impact on the Internet community.

"We have no solution now," said Larry Rogers, a senior member
of the response team's technical staff. "But we believe that we
can limit the impact."

Other network security experts are less optimistic.
"I wish there was cheery news here," said Eugene Spafford,
director of the Computer Operating Audit Security and Technology
Laboratory at Purdue University. "It's clear that anti-social
individuals with a grudge and a PC can do tremendous damage."

And Alexis Rosen, co-founder of Public Access Networks, said the
number of sites attacked might be in the hundreds, based on reports
from network administrators who fear being identified. Rosen said
that his company had devised a shield against his particular
attacker. But he said that his remedy would not necessarily work
against a determined vandal using a more powerful computer.

Internet sites reporting attacks include at least two chess
server computers, which enable users to play chess electronically
against remote opponents.

Daniel Sleator, a professor of computer science at
Carnegie-Mellon University and an organizer of the Internet Chess
Club, said that his organization's host computer had been attacked
last week by the flooding program and that the attacks had
continued on Monday.

"The problems are not devastating but they are quite
irritating," he said. "I think this is sick, but I guess that is
what these guys do."

Sleator said the club had dealt with the problem by making other
ports, or electronic doors, available to its members.

He said the source of the attack had been traced back as far as
Netcom On-Line Communications Services Inc., a San Jose, Calif.,
based Internet provider. But Netcom officials have had difficulty
persuading another Internet service providers to help them trace the
attacks further, Sleator said.

Several people familiar with the investigation said that
security officials were close to identifying at least some of the
culprits who were conducting the attacks.

Recipes for conducting the attack, which have been known to
Internet security experts for some time but never before seen
deployed on a widespread basis, were recently published in two
underground computer publications, 2600 and Phrack.

Security officials are concerned because this type of attack
exploits the basic design of the Internet itself. The software
protocols, or routing instructions, on which the Internet is based
were not designed to prevent this message flooding, and so the
attacks are difficult to prevent or counteract.

One partial solution is to configure each Internet service
provider's routing computers so that they will not permit users to
transmit messages that contain bogus addresses. But since there are
now millions of computers connected to the Internet, it would be
impossible to make certain that each Internet service provider
adhered to this solution.

Several makers of network server computers were working intently
Wednesday to develop mechanisms that might protect against the
attack. One possibility is using cryptographic, or data-scrambling,
techniques to make certain that the computer sending a message is
positively identified before the recipient computer attempts to
process the message. But even if such a solution is perfected, the
necessary software would have to be widely distributed before it
could act as a widespread deterrent to the attacks.

Another vexing problem is tracing the location of a malicious
computer user who is transmitting false addresses over the
Internet. The network was not constructed to make it easy to trace
the true location of such a hidden attacker through the network.

 


	"This destiny does not tire, nor can it be broken, and its mantle of
strength descends upon those in its service." - Francis Parker Yockey, IMPERIUM

Home ·  Site Map ·  What's New? ·  Search Nizkor