ILMCLEAN-L Archives



From: <>
Subject: [ILMCLEAN-L] Virus warning: South Park Pretty Park
Date: Fri, 25 Feb 2000 21:21:48 EST


All:
This is a legitimate virus that has infected several coworkers and their
friends. Do not download anything with South Park or Pretty Park, especially
with an .exe at the end, EVEN IF IT IS FROM SOMEONE YOU KNOW AND TRUST. They
usually do not know it is happening. It attaches to your mailing list and
sends itself to all on your list, infecting them if they download, and on and
on. It looks as if it was sent by you. I am enclosing the below info I
received on it from another rootsweb list. Incidentally, Norton and McAfee
apparently have not detected it.
Bill I.

I checked this one out at:
http://www.symantec.com/ns-search/techsupp/bulletin/archive/nav/0699navspc1.html?NS-search-set=/38b4c/aaazY.7w_b4c8a1&NS-doc-offset=3&

And, it's real, so I'm forwarding the message I received. Symantec recently
updated their info. Be careful! Susan Evans

ALL~
DON'T OPEN ANY MESSAGE LISTED AS: "SOUTH PARK 'PRETTY PARK'" AS IT IS A
VIRUS.

Date: Wednesday, February 23, 2000 9:16 AM
Subject: South Park "PrettyPark" Virus Warning

I received a warning about a severe virus called PrettyPark. It's an
attachment that looks like something from the "South Park" cartoon. It's for
real!!!

ITS/NAU writes:
Yep, this one is for real. You can see Network Associates' information on it
at http://vil.nai.com/vil/vpe10175.asp

This came from the Senior Computer Analyst at Salt River Project:
If you receive an email attachment that reads PrettyPark.EXE, delete it
immediately. The following information will explain why. It is extremely
important that you do not run this program; it will mess up your system. It
has already claimed 2 systems on plant site.

Please be careful when you receive attachments; they can cause serious
trouble with your system, not to mention other resources on the LAN.

The PrettyPark worm comes as an attachment called PrettyPark.EXE, attached to
a piece of mail from someone that has you in their address book. If you run
that attachment, the worm creates a file called FILES32.VXD in your Windows
system directory, and arranges for that file to be called when you use your
system. Once it is installed, the worm both sends further copies of itself to
people in your address book, and connects to a particular "channel" on IRC
(Internet Relay Chat). Using the IRC channel, the worm both announces that
your machine is infected, and opens up a "hole" through which an attacker can
obtain information about your machine, and send your machine further programs
to execute. The PrettyPark worm was first seen in a message "spammed" from an
address in France, and is now (June, 1999) relatively widespread in some
areas.

PrettyPark is dangerous, because it potentially opens your system to active
attacks from the outside. It is an insidious combination of self-spreading
worm and Trojan horse "back-door" program.
