New E-mail Virus ... W32/NewApt.worm

"Tyler Nally" (tnally@iquest.net)
Mon, 20 Dec 1999 21:31:09 -0500
Messages sorted by:[ date ][ thread ][ subject ][ author ]
_______________________VIRUS ALERT__________________________


*********** VIRUS ALERT - W32/NewApt.worm ************

W32/NewApt is an email worm. AVERT has given it a risk 
assessment of Medium--On Watch. 

This worm arrives as an email attachment. The body of the 
email appears differently depending on whether the email 
client reads HTML. If it does, the email text looks like 
this: 

       http://stuart.messagemates.com/index.html 

    Hypercool Happy New Year 2000 funny programs and 
                      animations... 

   We attached our recent animation from this site in our 
                  mail ! Check it out 

If the email client is not HTML-capable, the message reads: 

  he, your lame client cant read HTML, haha. click 
  attachment to see some stunningly HOT stuff 

The worm is in the attachment, which has a name chosen 
randomly from the following list: 

  baby.exe, bboy.exe, boss.exe, casper.exe, chestburst.exe, 
  cooler1.exe, cooler3.exe, copier.exe, cupid2.exe, 
  farter.exe, fborfw.exe, goal.exe, goal1.exe, g-zilla.exe, 
  irngiant.exe, hog.exe, monica.exe, panther.exe, 
  panthr.exe, party.exe, pirate.exe, s.exe, saddam.exe, 
  theobbq.exe, video.exe. 

If the worm is run, the following dummy error message 
appears: 

  The dinamic link library giface.dll could not be found in 
  the specified path [list of directory names] 

Note the misspelling of the word "dynamic". 

If the worm detects that Outlook Express is installed, it 
will search for messages received and build a list of 
addresses. The next time Windows is booted, the worm waits 
an unspecified amount of time and then attempts to send 
itself to one of the addresses in its list, using the 
format described above. 

--
Bro Tyler Nally 
Owner Higher-Fire Oneness Apostolic E-mailing list
<tnally@iquest.net> <tgnally@prairienet.org> <tn@higherfire.org>

To e-mail all list owner/moderators, send e-mail to ...

   higher-fire-request@prairienet.org

To e-mail the higher-fire list with a message, send e-mail to ...

   higher-fire@prairienet.org

The Higher-Fire listprocessor's e-addresses for changes and queries ...

        listproc@prairienet.org 

 a) ... To Subscribe               SUB HIGHER-FIRE Your Name
 b) ... To UnSubscribe             UNSUB HIGHER-FIRE
 c) ... To Postpone Mail           SET HIGHER-FIRE MAIL POSTPONE
 d) ... To Resume Mail             SET HIGHER-FIRE MAIL ACK
 e) ... To Change to H-F Digests   SET HIGHER-FIRE MAIL DIGEST
 f) ... To Check H-F Settings      SET HIGHER-FIRE 
 g) ... To Review H-F Subscription REVIEW HIGHER-FIRE
H-F Homepage     :  http://www.prairienet.org/upci/h-f.html
H-F WWW Archives :  http://www.higherfire.org
H-F Nettiquette  :  http://www.higherfire.org/netiq.html
H-F F.A.Q.       :  http://www.higherfire.org/FAQ.html
H-F KJV Bible    :  http://www.higherfire.org/kjv
H-F QuickTour    :  http://www.prairienet.org/~tgnally/HigherFireTour.html
H-F Questionaire :  http://www.prairienet.org/upci/questions.html

H-F IRC Channel  :  #higher-fire on a Undernet.org server

  "...prefer to hear educated blessings preach than ignorant blessing!"
  - Bro Robert Jay Brown III