FW: Trojan Horse Alert

Ron.Smith at wharton.upenn.edu Ron.Smith at wharton.upenn.edu
Mon Apr 21 12:53:51 PDT 1997 

----------
From: Jennifer.Gibbs
To: adamr; ashwell; bearassed; campbell; capozell; crobinso; dalex; 
dracontius; Ellen; granola; Griffin; Jackie.Binstead; jrosenbe; 
mshireman; pbutler; ravnos; rolandas; Ron.Smith; Rosemary.Stecher; 
rowenamoore; sastupak; scohen; Solomon.Matisoff; ssegaram; swampkat; 
Kelly, Viki (Stage Step); v.kelly
Subject: FW: Trojan Horse Alert
Date: Monday, April 21, 1997 12:37PM

OK, folks, this is a verified REAL thing, not a hoax.  The attached
security alert was issued by CIGNA Corporate Systems.

Pass this on if you think it worthwhile.

Grainne
 ----------
From: Information Security & Asset Protection
To: < All CIGNA Employees >
Subject: Trojan Horse Alert
Date: Monday,April 21,1997 3:27PM

This is an urgent advisory about a file called AOL4FREE.COM, which
has no direct relationship to the hoax message that has been
circulating on the Internet. Since you may be confused by the
similarity in the topic name, we would like to clear the confusion,
and alert you to a *NEW* danger.

If you receive a file named AOL4FREE.COM over the internet, from a
BBS, via E- Mail or on a diskette, do not run it. This program is
designed to remove the files from your C: drive.  The Symantec
Antivirus Research Center (SARC) has examined  samples of AOL4FREE.COM
and established that this file is indeed a threat.

This Trojan first searches for the DOS program DELTREE.EXE on your hard
drive and then uses this DOS program to delete all files from your C:
drive. After completion, it displays the DOS error message "Bad Command
or file name" and then continuously displays an obscene message. This
Trojan cannot delete the files from the C: drive if it is unable to find
DELTREE.EXE, but the obscene message will always display.

The program is not a virus, so it can not be detected by antivirus
software.  It will not replicate if stored on your hard drive. It
needs to be run in order for it to perform its function, which is
why it is referred to as a Trojan Horse.

Again, this issue is separate from the issue raised some time ago
concerning a  hoax message circulating with "AOL4FREE" in the subject
line. That message is still considered to be a hoax, as the process
of opening an email cannot  cause the events described to happen.

More information about the Ansteorra mailing list