Date: Wed, 7 Mar 2001 11:08:59 -0500 (EST) From: BCPL.NET SysAdmin To: BCPL.NET News Subject: BCPL.NET News: Virus Alert: "NakedWife" Trojan ------------------------------------------------------- VIRUS ALERT: EXTREMELY DANGEROUS NAKEDWIFE TROJAN HORSE ------------------------------------------------------- A new virus (actually a trojan horse) called "NakedWife" has begun to spread across the Internet via e-mail. PC users should consider it to be extremely dangerous because it makes an infected PC virtually unusable. NakedWife arrives as a file attached to an e-mail message having the following characteristics: > Subject: FW: Naked Wife > Attachment: NakedWife.exe > Message Text: > > My wife never looked like that! ;-) > > Best Regards, > The name of the person from whose PC the virus was sent will be shown where you see "" in the example above, and the "From: " line of the message may show that person's e-mail address. However this DOES NOT mean that person intentionally sent the infected message. In fact he probably has no idea it was sent. And, as you will see if you continue reading, by the time you receive the message that will be the least of his worries. If the recipient of a Naked Wife message opens the NakedWife.exe file attachment, a window appears that looks like a ShockWave Flash animation window. All menus in the window are fake except for "Help", which displays a dialog box containing an obscene message. Once the fake ShockWave Flash window opens, the trojan looks for a Microsoft Outlook or Outlook Express address book on the PC. If found, the trojan mails itself to all addresses in the address book. The trojan then deletes all files with the following extensions from the \Windows and \Windows\System folders: .INI, .LOG, .DLL, .EXE, .COM, and .BMP. This renders the infected PC virtually unusable. If you receive the Naked Wife e-mail described above, don't bother to reply to the apparent sender. By the time you send your reply the trojan will already have rendered his PC useless. He will not see your message until he brings the PC back to life, probably by reinstalling Windows. The "Naked Wife" message can be spread only by PCs using Outlook or Outlook Express. However the "NakedWife.exe" file attachment is destructive to any Windows PC on which it is opened, whether or not Outlook or Outlook Express is present. If you receive a "Naked Wife" e-mail, delete it. Above all, do not open the "NakedWife.exe" file attachment! The "NakedWife" trojan does not affect Macintosh OS, UNIX, or other computers running operating systems other than Microsoft Windows. See the following URLs for more information: http://www.F-Secure.com/v-descs/nakedwif.shtml http://vil.mcafee.com/dispVirus.asp?virus_k=99035& http://service1.symantec.com/sarc/sarc.nsf/html/W32.Naked@mm.html New computer viruses appear "in the wild" at an alarming rate, and most are transmitted via e-mail. The only 100% perfect safeguard against infection is to turn off your computer and pack it away in the attic, but obviously that's not a practical solution for most of us. Protecting an Internet-connected computer against viruses transmitted by e-mail is 99% common sense. Be very wary of any message containing a file attachment. If you receive an unexpected file attachment from someone you don't know, delete it. Do not open it! If you receive an unexpected file attachment from someone you do know, contact the sender for verification of the attachment before opening it. If your mail program has an option to open file attachments automatically, or if it has an option to run embedded scripts automatically, make sure those options are turned off. Some versions of Outlook Express, for example, came out of the box with both options turned on by default. Hello Microsoft, that was NOT very bright! If You don't have an anti-virus program on your PC, you should seriously consider getting one. This is very important for any Internet-connected computer. The two most popular are Norton Antivirus and McAfee VirusScan, but there are others. If you already have anti-virus software installed, make sure its "virus description database" is up to date. The virus description database is what tells the anti-virus program what to look for when it scans for viruses, and how to eradicate any that it finds. New PC viruses are discovered "in the wild" almost every day, so anti-virus software publishers periodically issue updated versions of their databases. Most anti-virus programs have a built-in "update" function of some kind. Use it! Your anti-virus program cannot protect your computer against recent viruses if it is using an outdated virus description database! If you don't know how to make your anti-virus program do an update, see the manual, or go to the publisher's Web site, or contact the publisher's Help Desk for assistance. Add the following URLs to your Internet Explorer favorites list or your Netscape bookmarks list. Use them to look up definitive information about viruses and virus hoaxes. F-Secure: http://www.F-Secure.com/virus-info/ McAffee: http://vil.mcafee.com/ Symantec: http://www.symantec.com/avcenter/ Best regards, Chip (who is NOT packing his computers away in the attic, if for no other reason than there are already too many obsolete computer up there) -- BCPL.NET INTERNET SERVICES CONTACTS: ----------------------------------- Web Site: http://www.bcpl.net Administration & Policy: ispadmin@bcpl.net 410-887-6180 Sales, Renewals, Account Status: accounts@bcpl.net 410-887-4172 Technical Support (Help Desk): help@bcpl.net 410-887-3297 Usenet News Newsgroup Requests news-admin@bcpl.net 410-887-6180 E-Mail & Newsgroup Abuse Reports: abuse@bcpl.net 410-887-6180 Domain Name Service Issues: dnsadmin@bcpl.net 410-887-6180 FAX: 410-887-2091