VIRUS info

BubbleBoy

Info on bubble boy can be found at http://www.microsoft.com/Security/Bulletins/bubbleboy.asp The url for a fix for outexpress: http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm

CIH: Jeff forwarded:

IBM Ships Aptivas With CIH Virus ----Ian Stokell, Newsbytes

IBM Corp. confirmed to Newsbytes that the company shipped somewhere in the "thousands" of Aptiva PCs between Mar. 5 and Mar. 17 with an unexpected and unappealing feature: the CIH virus.
Stacy Pena, PR manager for IBM's Consumer Division, told Newsbytes that the strain of the CIH virus shipping with the Aptivas replicates on April 26. The Aptiva model numbers affected were the 240, 301, 520, and 580. IBM says the potentially affected computers have one of the following codes after "MFG DATE" AM909, AM910 or AM911.
While IBM could not say exactly in which part of the Aptiva software the CIH virus could be found she said that "it is transferred through executable files." She added that "it accompanies any executable file that may pass from one computer to another." The virus may render the infected PC inoperable.
IBM said that "all potentially affected customers who have registered their Aptiva with IBM Owner Privileges, and all others for whom IBM has a current, valid address, have already been contacted and will automatically receive an IBM Antivirus Update CD," which reportedly scans the computer for the virus, and removes it if found. The CD also apparently updates the anti-virus data files to enable Norton AntiVirus, preloaded with each Aptiva PC, to search for and clean new viruses.
IBM says it is also making the Antivirus Update program available to Aptiva owners electronically through the "Update Connector" feature, which allows Aptiva owners to download and install system updates.

A Worm Virus Epidemic-------John C. Dvorak , PC Magazine

The publicity last week surrounding the Melissa and Papa macro viruses and the copycat attacks that followed doesn't bode well for the future of Microsoft Word and Excel in their current forms. It's been known for years
that the architecture of these products, featuring embedded macro capabilities, is a bad idea and needs to be changed.
Years back, the antivirus community begged Microsoft to reconsider its designs for these programs. Microsoft refused. The company has never believed that people would bother to use macros in destructive ways. In
fact, Microsoft was so oblivious to the macro virus threat that it even managed to spread an early macro virus called Concept via some of its own CDs.
The basic problem is that embedded macros can't easily be analyzed as "good" or "bad" unless a known bad one crops up and its signature is then deciphered. So if you have macros in your document or spreadsheet, you
have to trust the person who sent the file before you execute the macros, assuming, of course, you know to toggle off the switch that makes macros execute automatically. Antivirus software creators have always believed
that the macro function should never have been incorporated within the document  but rather remain outside the document in a separate file for easy analysis.
The real culprit here is Microsoft. The operating system has never been made virus-proof, and allowing macro capabilities in Word and Excel invites destructive code. At least with OS-level viruses and worms, the coders usually have to have some assembly language skills. With a macro, Visual Basic will do the trick. Until this recent outbreak, many of the kids out there who like to cause trouble were never aware of how much trouble they could create. Now they know, and I expect the worst is yet to come.

Chernobyl

As most of you may know Chernobyl hit many pc's yesterday, here's a site
that has some general information
http://www.cert.org/incident_notes/IN-99-03.html

Happy99 4/18/99 #1930

Here is a little more information regarding the happy99 virus/worm.Please be advised that the methods used to remove the virus involve editing the system registry and other system components. IF THIS IS IMPROPERLY DONE, YOU COULD RENDER YOUR COMPUTER INOPERATIUE. We at E-Znet can provide information, but can of course, take no responsiblility for damages resulting from mistakes made during this type of system modification.the URL's below will provide directions for removing this virus. http://www.symantec.com/avcenter/venc/data/happy99.worm.html http://www.avertlabs.com/public/datafiles/valerts/vinfo/w32ska.asp http://www.geocities.com/SiliconValley/Heights/3652/ska.htm

Any infected computer automatically attaches the file to messages that it sends out. When someone runs the attached file, it will then try to infect that system. I believe it looks for Word, Outlook, and other Microsoft products that support "macros". When you get it, just delete the message without extracting or executing the file, and you should be ok. I would let the person know who sent it to you-they may not realize that they have the virus and are helping to spread it.

Trojan Horse Viri

Hummer.exe puts a back door on their machine