Break the Chain Hold your Vote

Created 9/27/2001 (9/27/2001) As if the world hasn't been victimized enough by the terrorist attacks of September 11, 2001, some hackers have devised a way to further attack those trying to cope with the tragedy.

SAMPLE CHAIN LETTER TEXT

There is another new virus that is making its way around, asking you to vote about the War resulting from the attacks in the US. DO NOT open the e-mail and delete it.

Please see the following:

Vote is a new worm that spreads through email using MAPI and the Microsoft Outlook Address Book.

Subject: Fwd:Peace BeTweeN AmeriCa And IsLaM !
Body: Hi iS iT A waR Against AmeriCa Or IsLaM !? Let's Vote To Live in Peace!
Attachment: WTC.exe

The worm then opens 2 Microsoft Internet Explorer applications with URLs directed at websites with malicious content.

The worm also drops 2 VBS trojan files into the Windows and System directories. The first trojan, C:\Windows\MixDaLaL.vbs, attempts to overwrite any HTML/HTM files on both local and network drives. The 2nd trojan, C:\Windows\System\ZaCker.vbs, attempts to delete all files in the Windows directory. It then modifies autoexec.bat to reformat the C: drive upon reboot.

The worm makes two registry modifications:

HKLM\Software\Windows\CurrentVersion\Run\Norton.Thar = "C: \Windows\System\ZaCker.vbs"

HKCU\software\microsoft\internet Explorer\main\start Page =

END CHAIN LETTER TEXT

Shortly after the attack, I implored my readers to be very sensible about the types of information and e-mails they spread regarding the attack. I encouraged everyone to consider not just if the claims seemed real and valid, but also to question whether the e-mail served a useful purpose. I was fearing exactly the type of attack that this virus represents.

doteasy.com - free web hosting. Free hosting with no banners.
The "Vote Virus," as it has been dubbed, is real and is snagging a lot of innocent netizens who only wanted to make their voice heard. It is another example of the hidden dangers that seemingly harmless e-mail chain letters can pose.

For more technical information and fixes for the vote virus, visit the following anti-virus resources:

  • Symantec (Norton Antivirus)
  • McAfee (VirusScan)
  • FSecure (Anti-Virus)

Relying on anonymously authored and haphazardly forwarded e-mail messages for protection against viruses is foolish. There is no substitute for up-to-date anti-virus software. For more ways you can prevent unwanted intrusions on your data, read "Protecting Your PC" in the Chain-Breaker's Library.

What Do You Think?

Category: Virus Warning
References: None

HOME | Privacy & Copyright