ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security threats Toolkit

CA warns 'Plage2000' is in the wild

ZDNet News US ZDNet.co.uk

Published: 17 Jan 2000 10:47 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Computer Associates International on Thursday warned of a new computer worm on the horizon, the "Plage2000", which could threaten computer email systems as well as e-business infrastructures.

The worm has been reported to be "in the wild" by customers of Computer Associates, the company said.

A worm is a computer program that replicates itself and spreads from computer to computer and infects an entire system. A computer virus, spreads from file to file. A worm can spread without human intervention.

The Plage2000 arrives as a reply to an email previously sent by the user. The original email will be quoted completely in the reply. The arriving email says:

P2000 Mail auto-reply:

' I'll try to reply as soon as possible. Take a look to the attachment and send me your opinion! ' Get your FREE P2000 Mail now!

The worm is attached to the message under one of the following names: pics.exe, images.exe, joke.exe, PsPGame.exe, newsdoc.exe, hamster.exe, tamagotxi.exe, searchURL.exe, SETUP.EXE, Card.EXE, billgt.exe, midsong.exe, s3msong.exe, docs.exe, humor.exe, or fun.exe.

On execution, the worm will present itself as a self-extracting WinZip file. Extracting this will cause one of the following 2 messages to be displayed:

WinZip self-Extractor ZIP damaged: file worm name: Bad CRC number. Possible cause: file transfer error

Or,

WinZip self-Extractor -- worm name:worm name -- Application Error The exception unknown software exception (0xc00000fd) occurred in the application ....

In the background the worm copies itself to the Windows directory under the name INETD.EXE and adds itself to the registry: "HKEYCURRENTUSERSoftwareMicrosoftWindows NTCurrentVersionWindowsrun WindowsDirINETD.EXE".

Every five minutes the worm tries to establish a connection to a running Outlook or Exchange client. When new emails are received it will reply to the unread emails with an email like the one above. The original messages remain unread.

Although the worm does not have a destructive payload, its email propagation mechanism poses a threat to any eExchange email infrastructure since it can overload and take down mail servers.

What do you think? Tell the Mailroom. And read what others have said.

Take me to the Virus Workshop

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
43 out of 101 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:





Related Jobs

Flash Engineer - 180 per day

Creative Graphic Designer

Solutions Architect

Sentry Posts Blog

Toshiba touts Quantum Key Distribution

Toshiba research scientists have developed a method of distributing quantum keys more efficiently, the company has claimed in a statement: "[Quantum Key Distribution -- ] QKD --... More

Post a comment

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Post a comment

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Post a comment

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers