Forwarded: Natas Virus Alert

Anita Cohen-Williams (IACAGC@ASUVM.INRE.ASU.EDU)
Mon, 5 Dec 1994 17:23:47 -0700

Anita Cohen-Williams; Reference Services; Hayden Library
Arizona State University, Tempe, AZ 85287-1006
PHONE: (602) 965-4579 FAX: (602) 965-9169
INTERNET: IACAGC@ASUVM.INRE.ASU.EDU Owner: HISTARCH
*** Forwarding note from IACAGC --ASUACAD 12/05/94 17:23 ***
To: IACCLR --ASUACAD Dr. Charles Redman ATCMB --ASUACAD C Barton
ATGAC --ASUACAD Geoffrey Clark ATALH --ASUACAD Ann Hedlund
ABCGT --ASUACAD Christy Turner ATGXC --ASUACAD George Cowgill
IDJDK --ASUACAD Joan Koss ATLTN --ASUACAD Leanne Nash
IKJXS --ASUACAD James Schoenwetter ATBLS --ASUACAD Barbara Stark
ICRRA --ASUACAD Robert Alvarez ATEAB --ASUACAD Elizabeth Brandt
ATKXK --ASUACAD Keith Kintigh ATMWM --ASUACAD Mary Marzke
ATKXS --ASUACAD Katherine Spielman ICSEF --ASUACAD Steven Falconer
IDLBS --ASUACAD Lyle Steadman ATMXW --ASUACAD Michael Winkelman

From: Anita Cohen-Williams
Subject: Forwarded: Natas Virus Alert
Here's a virus alert with all the pertinent data. I am forwarding the
forward so no one can accuse me of sending unverified data.

Anita Cohen-Williams; Reference Services; Hayden Library
Arizona State University, Tempe, AZ 85287-1006
PHONE: (602) 965-4579 FAX: (602) 965-9169
INTERNET: IACAGC@ASUVM.INRE.ASU.EDU Owner: HISTARCH
*** Forwarding note from HISTARCH--ASUACAD 12/05/94 13:17 ***
Return-Path: <owner-histarch@ASUVM.INRE.ASU.EDU>
Received: from ASUVM.INRE.ASU.EDU (NJE origin LISTSERV@ASUACAD) by
ASUVM.INRE.ASU.EDU (LMail V1.2a/1.8a) with BSMTP id 2462; Mon,
5 Dec 1994 13:17:15 -0700
Date: Mon, 5 Dec 1994 15:55:20 +0000
Reply-To: HISTORICAL ARCHAEOLOGY <HISTARCH@ASUACAD.BITNET>
Sender: HISTORICAL ARCHAEOLOGY <HISTARCH@ASUACAD.BITNET>
From: "Michael A. Pfeiffer"
</S=M.PFEIFFER/OU1=R08F10A@MHS-FSWA.ATTMAIL.COM>
Subject: Forwarded: Natas Virus Alert
X-To: Histarch@asuvm.inre.asu.edu
To: Multiple recipients of list HISTARCH <HISTARCH@ASUACAD.BITNET>

Content-Type: text
Content-Length: 00000000411

From: Michael Pfeiffer:R08F10A
Date: ## 12/05/94 11:55 ##

Previous comments:
From: Andrew Wilson:WO
Date: ## 12/05/94 12:22 ##

Previous comments:
From: THOMAS C. BRUCE:R03F02A
Date: ## 12/02/94 16:20 ##
Please read!

Previous comments:
From: Heyward Ehrlich:X400
Date: ## 12/02/94 18:14 ##
From: C=US/ADMD=ATTMAIL/ORG=ATTMAIL/PN=Heyward Ehrlich/
DD.ID=internet(b)andromeda.rutgers.edu(b)ehrlich/


Content-Type: ForwardedIPmessage
Content-Length: 00000002815


Message-Version: 2
UA-Content-ID: <9412022212.AA10336(a)andromeda.rutgers.edu>
End-of-Header:
EMail-Version: 2
UA-Message-ID: <9412022212.AA10336(a)andromeda.rutgers.edu>
P2-Originator: internet!andromeda.rutgers.edu!ehrlich
End-of-Protocol:
Content-Type: text
Content-Length: 2529


>Path: dziuxsolim.rutgers.edu!uunet!peach!atl1.america.net!zindar
>From: Zindar <zindar@america.net>
>Newsgroups: comp.binaries.ibm.pc.d
>Subject: **VIRUS ALERT**
>Date: Fri, 2 Dec 1994 11:55:30 -0500
>Organization: Access America, P.O. Box 1222, Alpharetta, GA 30239-1222
>Lines: 47
>Message-ID: <Pine.SV4.3.91.941202115515.22724B-100000@atl1.america.net>
>NNTP-Posting-Host: atl1.america.net
>Mime-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII

OFFICE MEMO FWD>***Virus Alert*** Date:11/22/94

*******************************************
*******************************************
**                                       **
**      V I R U S   A L E R T ! ! !      **
**                                       **
*******************************************
*******************************************


At First Saturday Sale in downtown Dallas, there was a vendor handing out floppy
disks to demo his services. Unknown to the vendor these disks were infected
with the Natas Virus (in the INSTALL.EXE file.) This is a fairly nasty
polymorphic virus that *can* trash your hard drive. It does varying degrees of
damage, with a complete crash in roughly 1 out of 500 hard drives. The demo
program was only completed 4 days ago, but SO FAR, there have been 3 crashed
systems and one infected network. With several hundred additional demo disks
now in circulation.... the potential is pretty scary.

The free demo disks were 3.5" black floppies with the word "WIN" in large
letters from Winner's International Network.

Please pass this message around, this could be a nasty problem. The vendor has
handed out over TWO THOUSAND disks total, and the virus is probably widespread
in the DFW community by now.

The virus is polymorphic, uses complex stealth routines, has some tricky code in
it, plus remains memory resident. It kicks almost *EVERY* flag in TBSCAN's
heuristic mode.

NATAS is very new, and is not recognizable by SCAN, MICROSOFT ANTI-VIRUS, and
CENTRAL POINT. Only F-PROT, TBAV, and AVPRO can find it.

If you have the virus already, it goes memory resident, and uses heavy
polymorphic code to avoid detection. Chances are, if you're already infected,
a virus scanner *might* not find it. Boot from a clean floppy containing an
anti-virus scanner, and scan all your drives.

The disk containing the virus has an INSTALL.EXE, which is the infected file.

This has been verified and is NOT a joke! Scan EVERYTHING you upload or download
from any bbs, or get from any disk!