* via http://theMezz.com/lists * subscribe at http://techPolice.com
"Pentagone" virus spreads rapidly By Robert Lemos Staff Writer, CNET News.com December 4, 2001, 10:50 a.m. PT A mass-mailing e-mail worm started to spread quickly Tuesday, prompting anti-virus software makers to advise their customers to upgrade their virus definitions. Dubbed Pentagone, Goner or Gone, the Visual Basic Script program spreads via e-mail and the messaging system ICQ. On infected computers, it stops most anti-virus and security programs. "We are kind of seeing it follow the sun at the moment," said Mark Sunner, chief technology officer for e-mail service provider MessageLabs. "It has been waiting in in-trays of people coming into work." MessageLabs has captured more than 16,000 e-mails containing copies of the worm, said Sunner, adding that the rate, now at about 100 messages per minute, is increasing. The worm arrives in a message with the subject "Hi" and the following text in the body of the e-mail: How are you ? When I saw this screensaver, I immediately thought about you I am in a harry, I promise you will love it! Attached to the message is what appears to be a screensaver file, Gone.scr, a compressed copy of the worm. When the file is opened, Pentagone will infect the victim's PC, stopping a variety of anti-virus and security applications and deleting all the files in the folders containing those applications. Kaspersky Labs AVP, Zone Labs' ZoneAlarm, and Internet Security Systems' Black Ice are among the programs affected. After eliminating the security on the computer, the worm then installs a backdoor program linked to mIRC, a popular Internet Relay Chat program. The backdoor can be used to execute denial-of-service attacks against IRC servers. In addition, the virus also attempts to spread using e-mail and ICQ. Anti-virus software makers have been inundated with calls from customers who have been infected or seen copies of the worm. "It is extremely widespread," said April Goostree, virus research manager for McAfee.com. "We are seeing both corporate and home users being hit. We consider it an outbreak because of how fast it's spreading in so short a period." Rival Trend Micro has had about 22 corporate customers complain about the virus and has given it a high threat rating. David Perry, global director of education for TrendMicro, has decided that computer users may never be security-conscious enough to avoid getting infected. "Every time enough time goes by that people forget to be wary of these things, it pops up again," he said. "Apparently, we have to resign ourselves to the fact that education doesn't work." Pentagone isn't the only virus spreading significantly. Variants of the Nimda virus and a variant of the BadTrans virus are topping virus charts this month. ============================================================ Send all your buddies online cards and make their day! These cards are guaranteed to make them smile! Click below to check them out. http://click.topica.com/caaaekwb1dhr0b2EDp2f/egreetings ============================================================ --via http://techPolice.com archive: http://theMezz.com/cybercrime/archive subscribe: [EMAIL PROTECTED] --via http://theMezz.com ==^================================================================ This email was sent to: archive@jab.org EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================