[Table of Contents] [Search]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PKZIP virus - HOAX

More on the PKZip Trojan, PKZ300B.ZIP

>     [Symantec] [Section Navigation]
>     [Image]
>     [Symantec AntiVirus Rese[Download Updates[Reference Area]
>                             [Virus Alerts]   [Macintosh Viruses]
>                             [Virus Info Datab[Submitting Virus Samples]
>     [Image]
>     3b Trojan (alias PKZIP)
>     [Image]
>                Aliases: PKZip Trojan, PKZ300B.ZIP
>       Infection length: Hoax/Trojan Horse
>      Area of infection: Hoax/Trojan Horse
>             Likelihood: Hoax/Uncommon
>        Region reported: FTP sites, Internet service providers
>        Characteristics: Hoax/Trojan Horse
>        Target platform: DOS
>           Trigger date: Immediate
>     [Image]
>     Description:
>     Although this trojan horse at one time existed, there has been no
>     reported infection or destruction caused by it since late 1995.
>     The rumor of its existence, however, has been quickly spreading
>     through Internet mail from the time it was first discovered. This
>     trojan horse program, although it did exist at one time, is now
>     more a rumor or hoax than an actual threat to the public. It has
>     caused more damage and concern through its rumored existence than
>     by direct action of the program itself.
>     For those interested, here is a summary of how the original
>     strain functioned. Again, it is not currently considered in
>     distribution and is not considered a threat to the public.
>     3b Trojan is a Trojan Horse program that claims to be the latest
>     version of PKZIP, Version 3.0g, from PKWARE Inc. 3b Trojan was
>     first received by the Symantec AntiVirus Research Center in late
>     July 1995. The definition (fingerprint) was integrated into the
>     August 1995 virus definition set and has been part of every
>     update since that initial release.
>     3b Trojan is not a virus. Trojan Horse programs do not replicate
>     and spread themselves. Instead, they masquerade as legitimate
>     programs, in this case, as a new release of PKZIP. Users download
>     these programs, thinking them beneficial, and run them. For the
>  [Imevent, or trigger, to take place, users must manually download
>     these files and consciously run them. The vast majority of Trojan
>     Horse programs are written with a destructive intention.
>     3b Trojan has been distributed under the following names:
>        * PKZ300B.EXE
>        * PKZ300B.ZIP
>        * PKZIP300.EXE
>        * PKZIP300.ZIP
>     The triggered event is to format the hard drive. The
>     "self-extracting" versions of the executable (.EXE) files for 3b
>     Trojan (.EXE) and the "PKZIP" program within it have this
>     trigger. There have also been reports that 3b Trojan "affects
>     modems of 1.44 and higher." These accounts are incorrect: 3b
>     Trojan has no such capability.
>     As of November 1996, only the following releases of DOS PKZIP
>     program are valid:
>        * 1.10
>        * 1.93
>        * 2.04c
>        * 2.04e
>        * 2.04g
>     In response to 3b Trojan, PKWARE Inc. has issued the following
>     statement:
>          It has come to the attention of PKWARE that a fake
>          version of PKZIP is being distributed as PKZ300B.ZIP or
>          PKZ300.ZIP. It is not an official version from PKWARE
>          and it will attempt to erase your hard drive if run. It
>          attempts to perform a deletion of all the directories
>          of your current drive. If you have any information as
>          to the creators of this trojan horse, PKWARE would be
>          extremely interested to hear from you. If you have any
>          other questions about this fake version, please email
>          support@xxxxxxxxxxx
>     You can download PKZIP 2.04g from the Symantec FTP server
>     (ftp://ftp.symantec.com).
>     [Image]
>     0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
>     [Image]
>     [Navigation Bar]
>     Copyright © 1996 Symantec Corporation. All rights reserved.
>     Last revised: November 20, 1996

Michael Joseph
Rare Book and Jerseyana Catalog Librarian
Rutgers University Libraries
Rutgers University
New Brunswick, New Jersey

        voice: 908-445-5904
                email: mjoseph@xxxxxxxxxxxxxxx
                fax :  908-445-5888

[Subject index] [Index for current month] [Table of Contents] [Search]