Virus Warnings from September 2001
______________________________________________________________

Amiga

No warnings for September 2001

Windows

27 September 2001 - Latest Virus Descriptions

Warning About: EPOC/Ghost
* F-Secure Virus Report
Aliases: Ghost in the Machine, Ghost
Variant: EPOC/Ghost.A
Release Note: This trojan horse flashes insulting messages on the screen.

Warning About: EICAR-test
* F-Secure Virus Report
Aliases: EICAR.COM, EICAR-Test-File, EICAR_Test_file, Eicar Test File, MPFS01
Release Note: The correct operation of F-Secure anti-virus products can be tested with a special test file. This is a dummy file which is detected exactly as if it were a virus. Naturally, the file is not a virus. When executed, EICAR.COM will display the text 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!' and exit. EICAR is the European Institute of Computer Anti-virus Research, reachable at http://www.eicar.org

Warning About: EPOC/Fake
* F-Secure Virus Report
Aliases: FakeFormat, Fake
Release Note: This trojan horse periodically displays a message box which claims that the Internal "C" disk is corrupt and then simulates the formatting process, scaring the user.

Warning About: EPOC/Alarm
* F-Secure Virus Report
Aliases: FalseAlarm, Alarm
Variant: EPOC/Alarm.A
Release Note: This trojan horse makes alarm sounds, consuming battery power.

Warning About: EPOC/Lights
* F-Secure Virus Report
Aliases: Lights in the Sky, Lights
Release Note: This trojan horse toggles the backlight on and off to drain the battery.

Warning About: StrangeBrew
* F-Secure Virus Report
Aliases: Java virus, MPFS02
Release Note: Found in August 1998, StrangeBrew was the first virus to infect Java files.
Being a Java-based virus, StrangeBrew is capable of executing on almost any platform that has a Java runtime environment installed. The virus is capable of executing on Windows and Linux platforms and on PDA devices which have a Java runtime installed. StrangeBrew does not do anything except spread. As such, it cannot be considered a realistic threat. It has not been found in the wild.

Warning About: EPOC/Alone
* F-Secure Virus Report
Aliases: Leave Me Alone, Alone
Release Note: This trojan horse fools the user into thinking that an IR receive process has activated, and then displays a message box with a virus warning message. A black square then starts to bounce around the screen and no keyboard input is accepted until the user types "LEAVE ME ALONE".

Warning About: EPOC/BadInfo
* F-Secure Virus Report
Aliases: (Dis)Owner Information, BadInfo
Release Note: This trojan horse replaces the owner information with the text "Some fool owns this".

Warning About: Symbian/EICAR-test
* F-Secure Virus Report
Aliases: EICAR.COM, EICAR-Test-File, EICAR_Test_file, Eicar Test File
Release Note: The correct operation of F-Secure anti-virus products can be tested with a special test file. This is a dummy file which is detected exactly as if it were a virus. Naturally, the file is not a virus. When executed, EICAR.COM will display the text 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!' and exit. EICAR is the European Institute of Computer Anti-virus Research, reachable at http://www.eicar.org

Warning About: W32/Vote.c@MM
* NAI Virus Report
Release Note: AVERT has received 1 sample of this threat from the field. This variant is a cross between W32/Vote.a@MM and W32/Vote.b@MM. It is basically the same as the .b variant, except that it uses the email information from the .a variant.
W32/Vote.c@MM is a mass-mailing worm which arrives with an email message containing the following information:

    Subject: Fwd:Peace BeTweeN AmeriCa And IsLaM !
    Body: Hi iS iT A waR Against AmeriCa Or IsLaM !? Let's Vote To Live in Peace!
    Attachment: WTC.EXE

Warning About: W32/Vote.b@MM
* NAI Virus Report
Aliases: W32.Vote.B@mm (NAV)
Release Note: AVERT has received 1 sample of this threat from the field. This variant only varies slightly from W32/Vote.a@MM. The email message/attachment is different and the file deleting routine is not called. In addition, it does not attempt to delete anti-virus software files. W32/Vote.b@MM is a mass-mailing worm which arrives with an email message containing the following information:

    Subject: Fwd:This War Must Be Done !
    Body: Hi We Must Fight , We Must ReMemBer Our Victims! No Peace Before KiLLing TeRRoRists !
    Attachment: Anti_TeRRoRisM.exe

25 September 2001 - Possible Exploitation Of Recent Tragic Events

Kaspersky Labs says the reverberations of last week's horrific and vicious attacks on the United States have rippled throughout the world, and will undoubtedly remain indelible in everyone's memory. One of the tactless results of this macabre event is that it could become the target of misuse in the guise of the computer underground exploiting user curiosity by enclosing malicious code in the form of providing news updates. Similar psychological tactics that virus writers use to manipulate users for the purpose of infecting computers are well known. In addition, the latest modification of the "GoDog" virus has been detected, being dubbed "World Trade Center" by its larval writer.

* F-Secure Virus Report on Vote
Aliases: WTC, W32/Vote@mm, I-Worm.Vote
Vote is a simple Visual Basic virus which uses the WTC tragedy as a ploy to get people to execute it. It spreads further via e-mail as a mass mailer. The worm uses the standard Windows Mail API to access the user's address book.
This affects users of MAPI-compatible e-mail clients, mainly Microsoft Outlook. The e-mails sent by the worm look like this:

    From: name-of-the-infected-user
    To: random-name-from-address-book
    Subject: Fwd:Peace BeTween AmeriCa and IsLaM !
    Hi iS iT waR Against AmeriCa Or IsLaM !? Let's Vote To Live in Peace!
    Attachment: WTC.exe

25 September 2001 - Do Not Use Internet Or E-Mail Without The Patch

Kaspersky Labs has been warning about incidents of infection in connection with the network worm "Nimda". "Nimda" ("Admin" backwards) poses a serious threat to both companies and individual users alike. The worm opens all disks installed on an infected computer for full access. In this way, anyone who wishes may delete, change, copy, or view any document on the infected computer. This could cause the disclosure, loss, and unauthorized changing of confidential information.

07 September 2001 - Latest Virus Descriptions

Warning About: W32/Choke.d.worm
* NAI Virus Report
Release Note: This worm spreads via Microsoft's MSN Messenger program. If MSN Messenger is not installed on the local system, the worm could install itself, but would fail to spread to others from that system.

Warning About: IRC/Theme.worm
* NAI Virus Report
* Kaspersky Labs Virus Report
* Symantec Virus Report
Release Note: This is an IRC worm that pretends to be a "Lara Croft" desktop theme file. Another version was named "Mesut" theme.

Warning About: Magistr
* F-Secure Virus Report
* NAI Virus Report
* Symantec Virus Report
Aliases: IWorm_Magistr, I-Worm.Magistr, W32/Magistr@mm
Release Note: Magistr is a very dangerous memory resident Win32 worm combined with virus infection routines. IMPORTANT NOTE! As Magistr encrypts files larger than 131 kilobytes with a key that depends on a computer's name, disinfection of such files should be performed only on the computer that they were infected on.

Warning About: StrangeBrew
* F-Secure Virus Report
Aliases: Java virus, MPFS02
Release Note: Found in August 1998, StrangeBrew was the first virus to infect Java files. It is unable to infect or spread from Java applets which are executed over the internet. However, it is able to spread from one Java applet or application to another if executed locally.

Warning About: HackTack
* F-Secure Virus Report
Aliases: Backdoor.HackTack
Release Note: HackTack is a backdoor that allows a remote attacker to take over a victim's machine. When run, the backdoor copies itself to the Windows directory as 'CfgWiz32.exe'.

Warning About: Asylum
* F-Secure Virus Report
Aliases: Backdoor.Asylum
Release Note: Asylum is a simple backdoor that works on Windows 9x/ME, NT/2000.

Warning About: FunLove
* F-Secure Virus Report
Aliases: Win32_FLC, Win32.FLC, FLCSS
Release Note: FunLove is a memory resident Win32 virus. It was found in the wild in several countries in November 1999, including the US, UK and Czech Republic.

Warning About: Apost
* F-Secure Virus Report
* NAI Virus Report
* Symantec Virus Report
Aliases: I-Worm.Readme, W32/Apost@mm, Readme, Readme.exe, W32/Apost-A, W95/Urquest.24576, W32.Urgent.Worm@mm, Win32/Yoview.A@mm
Release Note: Readme is a simple mass-mailer written in Visual Basic. The worm was found in the wild on September 3rd, 2001. It is a PE EXE file 24576 bytes long. Its code is not compressed.

Warning About: Invalid
* F-Secure Virus Report
* NAI Virus Report
Aliases: I-Worm.Invalid, Ivalid, I-Worm.Invalid.A, Invalid.Worm
Release Note: Invalid is an Internet worm written in pure Assembly. The worm's file is a 12288-byte PE EXE file. The worm's file is not compressed.

Macintosh

No warnings for September 2001

Linux

27 September 2001 - Latest Virus Descriptions

Warning About: StrangeBrew
* F-Secure Virus Report
Aliases: Java virus, MPFS02
Release Note: Found in August 1998, StrangeBrew was the first virus to infect Java files. Being a Java-based virus, StrangeBrew is capable of executing on almost any platform that has a Java runtime environment installed. The virus is capable of executing on Windows and Linux platforms and on PDA devices which have a Java runtime installed. StrangeBrew does not do anything except spread. As such, it cannot be considered a realistic threat. It has not been found in the wild.

Miscellaneous

27 September 2001 - Latest Virus Descriptions

Warning About: StrangeBrew
* F-Secure Virus Report
Aliases: Java virus, MPFS02
Release Note: Found in August 1998, StrangeBrew was the first virus to infect Java files. Being a Java-based virus, StrangeBrew is capable of executing on almost any platform that has a Java runtime environment installed. The virus is capable of executing on Windows and Linux platforms and on PDA devices which have a Java runtime installed. StrangeBrew does not do anything except spread. As such, it cannot be considered a realistic threat. It has not been found in the wild.

27 September 2001 - Latest HOAX Descriptions

There is an updated list of Virus HOAXES on the News Page.

07 September 2001 - Latest HOAX Descriptions

There is an updated list of Virus HOAXES on the News Page.

07 September 2001 - Latest Virus Descriptions

Warning About: MPF
* F-Secure Virus Report
Aliases: MPFS, MPFP, MPFPP, Multi Platform
Release Note: No viruses by this name exist. MPF is a platform alias name used for viruses which can affect a wide range of systems.

Warning About: EICAR-test
* F-Secure Virus Report
Aliases: EICAR.COM, EICAR-Test-File, EICAR_Test_file, Eicar Test File, MPFS01
Release Note: The correct operation of F-Secure anti-virus products can be tested with a special test file. This is a dummy file which is detected exactly as if it were a virus. This file is known as the EICAR Standard Anti-virus Test file, and it is also detected by several other anti-virus products in a similar manner.

Warning About: Symbian/EICAR-test
* F-Secure Virus Report
Aliases: EICAR.COM, EICAR-Test-File, EICAR_Test_file, Eicar Test File
Release Note: The correct operation of F-Secure anti-virus products can be tested with a special test file. This is a dummy file which is detected exactly as if it were a virus. This file is known as the EICAR Standard Anti-virus Test file, and it is also detected by several other anti-virus products in a similar manner. Naturally, the file is not a virus. When executed, EICAR.COM will display the text 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!' and exit. EICAR is the European Institute of Computer Anti-virus Research, reachable at http://www.eicar.org