Mudcat Café message #344229

The Mudcat Café ^TM
Thread #27874 Message #344229
Posted By: McGrath of Harlow
20-Nov-00 - 08:05 PM
Thread Name: New anti-virus programs - advice please
Subject: RE: New anti-virus programs - advice please

I don't generally pass on virus warnings, because too many of them are hoaxes - but I got this from an old folk friend I know and trust from days long gone:

Hi, all

There is a new WORM virus called NAVIDAD, which has been confirmed by Symantec and McAfee. See links below - they will confirm it is NOT a hoax. I have looked at them both. I would not dare to pass this on otherwise. Go to the link appropriate to your antivirus prog to get full info and an update for your antivirus data files. Thanks to Bernard Cromarty for alerting me. The text below is his.

Mike

Bernard's text:-

http://www.symantec.com/avcenter/venc/data/w32.navidad.html

http://vil.mcafee.com/

This is what Symantec have to say:

W32.Navidad

Discovered on: November 3, 2000

Last Updated on: November 11, 2000 0 9:38:15 PM PST

W32.Navidad is a mass mailing worm program. The worm replies using MAPI to all Inbox messages that contain a single attachment. This works with Microsoft Outlook. The worm utilises the existing email subject line and body and attaches itself as NAVIDAD.EXE. Due to the bugs in the code, after being executed, the worm causes your system to be unusable.

This is how the virus manifests itself:

'Navidad' is Spanish for Christmas.

The 'festive' malware arrives as an attachment called navidad.exe.

If executed, it installs itself in the victim's system tray, next to the clock, where it appears as an icon of a small blue eye.

Clicking on the eye produces a button labelled "Nunca presionar este boton", Spanish for "Never press this button."

Victims who ignore that warning and click the button are treated to a message box with the title "Feliz Navidad", and the message:

"Lamentablemente cayo en la tentacion y perdio su computadora,"

(in English: "Merry Christmas. Unfortunately you've given in to temptation and lose your computer.")

Despite its threatening tone, the program does not deliberately destroy anything on the victim's computer. But a programming error by the uncredited author causes Navidad to damage the system registry in a way that makes it impossible to execute most programs with a .EXE extension.

The virus spreads by replying to messages that arrive in a victim's inbox.

We've all been tricked by virus hoaxes at some time - this is no hoax.