RootsWeb: ILMCLEAN-L [ILMCLEAN-L] South Park "PrettyPark" Virus Warning

ILMCLEAN-L Archives

Archiver > ILMCLEAN > 2000-02 > 0951372977

From: <>
Subject: [ILMCLEAN-L] South Park "PrettyPark" Virus Warning
Date: Thu, 24 Feb 2000 01:16:17 EST

I checked this one out at: http://www.symantec.com/ns-search/techsupp/bulletin/archive/nav/0699navspc1.ht ml?NS-search-set=/38b4c/aaazY.7w_b4c8a1&NS-doc-offset=3& And, it's real, so I'm forwarding the message I received. Be careful! Susan Evans ALL~ DON'T OPEN ANY MESSAGE LISTED AS: "SOUTH PARK 'PRETTY PARK'" AS IT IS A VIRUS. Date: Wednesday, February 23, 2000 9:16 AM Subject: South Park "PrettyPark" Virus Warning I received a warning about a severe virus called PrettyPark. It's an attachment that looks like something from the "South Park" cartoon. It's for real!!! ITS/NAU writes: Yep, this one is for real. You can see Network Associate's information on it at http://vil.nai.com/vil/vpe10175.asp This came from the Senior Computer Analyst at Salt River Project: If you receive an email attachment that reads PrettyPark.EXE delete it immediately. The following information will explain why, it is extremely important that you do not run this program, it will mess up your system, it has already claimed 2 systems on plant site. Please be careful when you receive attachments, they can cause serious trouble with your system, not to mention other resources on the LAN. The PrettyPark worm comes as an attachment called PrettyPark.EXE, attached to a piece of mail from someone that has you in their address book. If you run that attachment, the worm creates a file called FILES32.VXD in your Windows system directory, and arranges for that file to be called when you use your system. Once it is installed, the worm both sends further copies of itself to people in your address book, and connects to a particular "channel" on IRC (Internet Relay Chat). Using the IRC channel, the worm both announces that your machine is infected, and opens up a "hole" through which an attacker can obtain information about your machine, and send your machine further programs to execute. The PrettyPark worm was first seen in a message "spammed" from an address in France, and is now (June, 1999) relatively widespread in some areas. PrettyPark is dangerous, because it potentially opens your system to active attacks from the outside. It is an insidious combination of self-spreading worm and Trojan horse "back-door" program.

This thread:

[ILMCLEAN-L] South Park "PrettyPark" Virus Warning by <>