Klarinet Archive - Posting 000441.txt from 1996/11

From: Daniel Abramovich <dabramov@-----.EDU>
Subj: Re: Virus Warning <fwd>
Date: Thu, 21 Nov 1996 15:55:17 -0500

OK.. I posted the "Good Time Virus Hoax FAQ" once.. I had hoped that was
enough.. check out www.symantec.com and go to their "Virus Research
Center" for more info on anything related to computer viruses. I picked
this up from there once upon a time..

Aliases: PKZip Trojan

Infection Length: Trojan Horse

Area of Infection: Trojan Horse

Likelihood: Uncommon

Region Reported: Internet FTP sites, Communication Service Providers

Keys: Wild, Trojan Horse

Technical Notes:

The 3b Trojan is a Trojan Horse program that claims to be the latest
version of PKWARE Inc.'s PKZIP program, version 3.0g. This Trojan was first
received by the Symantec AntiVirus Research Center in late July of 1995.
The definition (fingerprint) was integrated into the August 1995 virus
definition set and has been part of every update since that initial release.

This is NOT A VIRUS. Trojan Horse programs do not replicate and spread
themselves. Instead, they masquerade as legitimate programs, in this case
a new release of PKWARE Inc.'s PKZIP. Users download these programs, thinking
them beneficial, and run them. To reiterate, users must manually download
these files and consciously run them for the event, or trigger, to take
place. Please note that the vast majority of Trojan Horse programs are
written with a destructive intention.

The 3b Trojan has been distributed under the following names:

PKZ300B.EXE
PKZ300B.ZIP
PKZIP300.EXE
PKZIP300.ZIP

The triggered event is to format the hard drive. The "self-extracting"
versions of the trojan (.EXE) and the PKZIP.EXE contained within the other
archive both have this trigger. There have also been reports that the 3b
Trojan "affects modems of 1.44 and higher." These accounts are
incorrect; this Trojan has no such capability.

As of April 16, 1996, only the following releases of PKWARE Inc.'s PKZIP
program are valid: 1.10, 1.93, 2.04c, 2.04e and 2.04g.

In response, PKWARE Inc. has issued the following statement:

"It has come to the attention of PKWARE that a fake version of
PKZIP is being distributed as PKZ300B.ZIP or PKZ300.ZIP. It is not an official
version from PKWARE and it will attempt to erase your hard drive if run.
It attempts to perform a deletion of all the directories of your current
drive. If you have any information as to the creators of this trojan horse,
PKWARE would be extremely interested to hear from you. If you have any
other questions about this fake version, please email support@-----.com"

   