VIRUS WARNING

["Lynn H. Nelson" <lhnelson@raven.cc.ukans.edu>]

The ANTIGEN virus protection program at the University of
Kansas has already intercepted several messages addressed
to various of our lists. The general description on this virus
is:

Virus Name: SHOCKWAVE.A Trojan 
E-mail Subject: "A Great Shockwave Flash Movie" 
E-mail Body: "Check out his new flash movie that I download just
now...It's Great" 
E-mail Attachments: CREATIVE.EXE 

and you may verify the details of this warning at 
<http://www.ukans.edu/computing/virus/shockwave.shtml>

It is clear that the machines of at least some members of our
lists have been infected. Like most trojan horses, SHOCKWAVE
gives no indication to the owner of an infected machine.

The Notification describes SHOCKWAVE as follows:

_____________________________________________________________________________
When executing "CREATIVE.EXE" it will copy itself into:
C:\CREATIVE.EXE. It will also copy itself in the
 Windows Startup as CREATIVE.EXE. It will then create a file
Messageforu.txt, which shows all the
 modifications done by CREATIVE.EXE. The Execution of
CREATIVE.EXE will search for JPG and ZIP files on
 the local system and then to the system root directory. They are
then renamed to contain "Change at least now
 to LINUX". You can rename the name of the file since these
renamed files are not damaged. Their original
 locations are found in the Messageforu.txt. The Messageforu.txt
will also contain the following: 

 "Hi, guess you have got the message. I have kept a list of files
that I have infected under this. If you are smart
 enough just reverse back the process. I could have done far
better damage; I could have even completely wiped
 your hard disk. Remember this is a warning & get it sound and
clear... - The Penguin" 
_____________________________________________________________________________

Lynn