NEW COMPUTER VIRUS - "Goner"

greenspun.com : LUSENET : Current News - Homefront Preparations : One Thread

Word was circulated at work that this was SirCam. I set them straight! They eventually explained the following... "... Subject line: "Hi" and an .scr attachment. The firm is protected from this virus because all incoming emails are stripped of screen saver (scr) attachments. However, this email was received from an external source and opened through a personal email account, in this case it was Yahoo."

http://digitalmass.boston.com/news/2001/12/04/goner.html

'Goner' virus infects businesses, consumers worldwide

By Elinor Mills Abreu and Bernhard Warner, Reuters, 12/4/2001

SAN FRANCISCO/LONDON - A new computer worm named "Goner" was spreading quickly through corporate and personal e-mail inboxes Tuesday, deleting system files and clogging networks in what could be the biggest outbreak since last year's "Love Letter" virus, security software vendors said. "Goner is one of the most incredibly fast moving and potentially dangerous e-mail viruses we've seen," said Mark Sunner, chief technology officer of MessageLabs Inc.

The worm, a virus that propagates itself to other computers through the Internet or other networks, is affecting users of Microsoft Corp.'s Outlook and Outlook Express, said Ian Hameroff, business manager of security solutions at Computer Associates International Inc.

People using ICQ instant messenger and Internet Relay Chat also are susceptible to the worm because files can be transferred across those networks, Hameroff said.

The Goner worm arrives in an attachment masquerading as a screensaver, with an e-mail subject line of "Hi" and text that says: "How are you? When I saw this screen saver, I immediately thought about you I am in a harry (sic), I promise you will love it!"

Once the attachment is clicked, the worm sends itself to everyone in the user's e-mail address book, tries to close programs that are running and deletes certain system files, including security software, said Hameroff. Goner also tries to install a denial of service script on machines of IRC users, said Symantec Corp. That could turn PCs into launch pads for denial of service attacks, which malicious hackers use to flood Web servers with traffic from multiple PCs, effectively shutting down Internet sites to legitimate traffic. "This is at outbreak status, which is very rare," said April Goostree, virus research manager at McAfee.com. "The last outbreak we had was 'Love Letter' in May 2000."

A virus is given outbreak status by McAfee.com if it is determined to be spreading quickly and affecting large corporate networks as well as individual computer users, Goostree said.

One of the nastier aspects of the virus is its attempt to disable antivirus and firewall software, so that victims have to reinstall the software in order to prevent future infections, said Sunner of MessageLabs.

SPREADING QUICKLY IN EUROPE, US

UK-based e-mail security outsourcer MessageLabs Inc. said it was receiving more than 100 copies of the worm a minute, totaling about 23,000 worldwide since early Tuesday morning, with users in 17 countries hit.

Anti-virus software firm Trend Micro Inc. said it had recorded infections in 17,000 work stations and 30,000 corporate e-mail accounts across Europe, primarily in France, Germany and the United Kingdom.

The first report came from a French company Tuesday afternoon, said Raimund Genes, Trend Micro's European vice president of sales. The firm has issued a "high risk" warning on Goner, the same rating it assigned this summer's virulent Code Red worm.

"I expect by tomorrow morning we will see something in Asia, and then from Asia, we'll see re-infections in Europe," Genes said.

The origin of the worm remained unclear. Trend Micro and McAfee.com said they suspect it originated in France. But Mikko Hypponen, manager of anti-virus research for Finland-based F-Secure, said he had his doubts, as the first recorded infections came from the United States and South Africa.

Hypponen also said he thought it suspicious that some of the victims were ICQ instant messenger and Internet Relay Chat users. "It's most likely written by a teenager targeting other teenagers," he said.

-- Anonymous, December 04, 2001

Answers

Argh! As if I don't already have enough problems with the mainframes this week.

-- Anonymous, December 04, 2001
