[HPN] Fw: FCG Networks (Virus Alert: FBI Finds 911 Virus Wiping Out Hard Drives Today)

William Tinker wtinker@fcgnetworks.net
Tue, 4 Apr 2000 16:06:03 -0400

++++++++++++GROUP THIS IS NOT A HOAX**************
A Brother

----- Original Message -----
From: FCG Networks/Christina Asanowicz <chrisa@fcgnetworks.net>
To: cyber-announce <cyberport-announce@fcgnetworks.net>
Sent: Tuesday, April 04, 2000 3:09 PM
Subject: FCG Networks (Virus Alert: FBI Finds 911 Virus Wiping Out Hard
Drives Today)

> FCG Networks/Cyberport wanted to make our customers aware of this new
> that may be going around. Although it sounds like the virus has not yet
> become widespread, we thought best to make you all aware of this new virus
> ahead of time. That way you can be on the lookout for this virus and be
> prepared ahead of time. Below will describe the virus in detail and what
> should be looking for and what to do.
> At 8:00 am on Saturday, April 1 (This is not an April Fool's joke!)
> the FBI announced it had discovered malicious code wiping out the data on
> hard drives and dialing 911.  This is a vicious virus and needs to
> be stopped quickly. That can only be done through wide-scale
> individual action.  Please forward this note to everyone who you
> know who might be affected.
> The FBI Advisory is posted at http://www.nipc.gov/nipc/advis00-038.htm
> The 911 virus is the first "Windows shares virus." Unlike recent
> viruses that propagate though eMail, the 911 virus silently jumps
> directly from machine to machine across the Internet by scanning
> for, and exploiting, open Windows shares. After successfully
> reproducing itself in other Internet-connected machines
> (to assure its continued survival) it uses the machine's modem to
> dial 911 and erases the local machine's hard drive. The virus is
> operational; victims are already reporting wiped-out hard drives.
> The virus was launched through AOL, AT&T, MCI, and NetZero in the
> Houston area.  The investigation points to relatively limited
> distribution so far, but there are no walls in the Internet.
> -----------------
> Action 1: Defense
> -----------------
> Verify that your system and those of all your coworkers, friends, and
> associates are not vulnerable by verifying that file sharing is
> turned off.
> * On a Windows 95/98 system, system-wide file sharing is managed by
> selecting My Computer, Control Panel, Networks, and clicking on the
> File and Print Sharing button.  For folder-by-folder controls, you
> can use Windows Explorer (Start, Programs, Windows Explorer) and
> highlight a primary folder such as My Documents and then right mouse
> click and select properties.  There you will find a tab for sharing.
> * On a Windows NT, check Control Panel, Server, Shares.
> For an excellent way to instantly check system vulnerability, and for
> detailed assistance in managing Windows file sharing, see: Shields
> Up! A free service from Gibson Research (http://grc.com/)
> -------------------
> Action 2: Forensics
> -------------------
> If you find that you did have file sharing turned on, search your
> hard drive for hidden directories named "chode", "foreskin", or
> "dickhair" (we apologize for the indiscretion - but those are the
> real directory names). These are HIDDEN directories, so you must
> configure the Find command to show hidden directories. Under the
> Windows Explorer menu choose View/Options: "Show All Files".
> If you find those directories: remove them.
> And, if you find them, and want help from law enforcement, call the
> FBI National Infrastructure Protection Center (NIPC) Watch Office
> at 202-323-3204/3205/3206.  The FBI/NIPC has done an extraordinary
> job of getting data out early on this virus and deserves both kudos
> and cooperation.
> You can help the whole community by letting both the FBI and
> SANS (intrusion@sans.org) know if you've been hit, so we can
> monitor the spread of this virus.
> --------------
> Moving Forward
> --------------
> The virus detection companies received a copy of the code for the
> 911 Virus early this morning, so keep your virus signature files
> up-to-date.
> We'll post new information at www.sans.org as it becomes available.
> Prepared by:
> Alan Paller, Research Director, The SANS Institute
> Steve Gibson, President, Gibson Research Corporation
> Stephen Northcutt, Director, Global Incident Analysis Center
> Christina Asanowicz
> Call Center Manager
> FCG Networks/Cyberport
> 1-800-992-3420 ext.233
> chrisa@cyberportal.net
> http://www.fcgnetworks.net
> "Quality Internet Access for Your Family and Business"