Text: (227 lines follow)
AUTOREPLY: I will be on leave from 8 December 1999 to 11 January 2000. All
urgent messages can be directed to my home e-mail: [log in to unmask], or a
message left on my cellphone at 082 460-7915. If this fails, you can contact
Mpho Ntsekhe at the ID
International Development Research Centre (IDRC)
Regional Office Southern Africa
P O Box 477
2050 South Africa
Tel: +27 11 403-3952
Fax: +27 11 403-1417
e-mail: [log in to unmask]
---------- Original Text ----------
From: "Patrick O'Beirne" <[log in to unmask]>, on 14/12/99 11:09:
To: smtp@ROSANT02@Servers[<[log in to unmask]>]
At 12:05 14/12/1999 +0200, Ms Thandi Mbvundula wrote:
>If anyone has any information on this or any other viruses expected to hit
>from now through to the new millenium, please contact me directly.
>Email: [log in to unmask] or [log in to unmask]
To save time, I'll just copy & paste these messages from other lists:
#1 point: WATCH the web site of your anti-virus software supplier and keep
to date from them as a trusted source.
A new Web page is now available on the "Departmental and Personal
Computers" Y2K Web site at the University of California, Berkeley:
"'Y2K' Viruses, Worms, and Trojans"
There is more information out there than you can possibly absorb. Here are
a few of the more popular sites:
McAfee's main site. (For anyone with the McAfee Virus protection software
this is the place to be. The anti-virus centre [at the URL below] is very
informative. You can even download their anti-virus product for a free trial)
Symantec (vendor for Norton Anti-Virus Protection
pay particular attention to the following page -
CERT (Internet Security - very technical but extremely important. This is a
MUST for technical people with Internet Security responsibilities.)
To subscribe to their mailing list, see the following info from CERT........
"Tobe added to our mailing list for advisories and bulletins, send
email to [log in to unmask] and include SUBSCRIBE
your-email-address in the subject of your message
Mountain Wave (a News service with information on everything that you'd
ever want to know about computer security and more ...)
Another News Site is Ziff Davis' mega-site (something for everyone who has
a PC) Just use their search facility and the word VIRUS to get the latest
news on viruses, but beware there's so much information on a variety of
topics that you might spend a lot of time here just exploring topics of
Also see the
Hoax information that these sites also list.
OVERBLOWN: "Y2K viruses"
Computer security firms now warn of deadly "Y2K viruses." In some cases,
these horrible creations will mimic Y2K-related problems. In other cases,
they will terrify users on 1 Jan 2000. In still other cases, old viruses
written years ago might not be Y2K compliant. In still other cases, hackers
surreptitiously insert malicious code while getting paid to "fix" Y2K
software anomalies. This hysteria plays on your original media-inspired
fear of the Y2K problem.
Today, Dec 7, Symantec reported the discovery of another virus that
disguises itself as a Y2k fix. Called W95.Babylonia this virus downloads
updates over the Internet and seems to prefer using the internet relay chat
portion of the Internet.
I have confirmed with Symantec that this is a valid
report, and that more
information will be posted later today at their Y2k Awareness Center at
<http://www.symantec.com/avcenter/y2k/#y2kthreats>. News Release follows:
Unique Computer Virus Can Be Continually Updated by Virus Writer From
Central Location; Symantec Detects W95.Babylonia Computer Virus that
Disguises Itself as a Y2K Fix
W95.BABYLONIA Y2K VIRUS DESCRIPTION:
-- A new Y2K virus has been discovered that disguises itself as a
Y2K fix - the virus was discovered on December 6, 1999.
-- The virus is unique - it has the ability to download the viral
components of the virus from the Internet. When the virus is
executed, the virus will wait for an Internet connection. When it
detects that the computer can access the Internet, it will
download several files from a web server in Japan. Because the
virus has such capability, it is possible for the virus writer to
update the virus centrally.
-- W95.Babylonia is a very complex virus that propagates mainly to
other computer users via MIRC. MIRC is a text based communication
application used to chat over the Internet. When an infected user
logs onto MIRC, it will automatically send the virus to everyone
within the same MIRC chat room as the infected user. The virus
will be sent as a Y2K bug fix. Once this file (Y2K bug fix) is
executed, it will infect other 32-bit EXE program files and also
Windows Help files.
-- SARC currently has approximately 20 submissions of the virus from
customers and believes the virus to be spreading quickly
-- The virus was written by the 29A virus writing group.
CHARACTERISTICS OF INFECTION:
The virus will try to modify an infected system to display the
following message when the computer is booted:
W95/Babylonia by Vecna (c) 1999
Greetz to RoadKil and VirusBuster
Big thankz to sok4ever webmaster
Abracos pra galera brazuca!!!
Eu boto fogo na Babilonia!
The virus will also send an email to
[log in to unmask] to track infected computers.
08 Dec 99 - 22:00CST
Proliferation of Viruses Expected Between Now and 2000
By C. L. Staten, Sr. National Security Analyst
As previously reported by ERRI analysts
(http://www.emergency.com/1999/terr1199.htm), the W95.Babylonia,
Explore.Zip, Mypics.worm, and various kinds of "Melissa" viruses have
all broken out in the past week. Anti- and Counter-virus experts say
that they fear that these are only a few of maybe as many as 100 new
computer viruses that may be released between now and Jan. 1, 2000.
Researchers from Network Associates and Symantec, and McAfee
corporations, say that they believe that the Y2K transition period
will be an extremely active time for the release of potentially
damaging computer viruses.
Experts tell EmergencyNet News that at least some of the new viruses
are designed to exploit public fears of the Y2K bug by appearing to
contain free "fixes" for it. Others are designed to activate early on
01 Jan 2000 and may only add to confusion for corporate and government
analysts, who are trying to diagnose possible infrastructure failures
during the Year2000 transition period. ERRI advises all our government
and corporate clients and EmergencyNet News readers to frequently
check for updates to their anti-virus program, run virus scans
nightly, and to ensure that their hard-drives are backed up and stored
in a safe place. Additional updates will be provided by EmergencyNet
News as circumstances warrant...
Emergency Response & Research Institute
EmergencyNet News Service
6348 N. Milwaukee Ave. #312
Chicago, IL 60646, USA
(773) 631-3774 - Voice/Messages
(773) 631-4703 - Fax
[log in to unmask] - E-Mail
Patrick O'Beirne B.Sc. M.A. FICS. IT Systems Consultant
http://www.sysmod.com Tel: +353 (0)55 22294 Fax: 055 22297
Systems Modelling Ltd, Tara Hill, Gorey, Co. Wexford, IRELAND