DOS schrijft: "Aladdin komt met een virus waarschuwing over de vandal Pretty Park 2. Zelf heb ik PP1 ontvangen, maar omdat ik niet wist wat het was en het verpakt zat in een nogal wazige email, hebbik 'm nooit geopend. Nu is er dus deel 2, PP strikes again":
-Aladdin Knowledge Systems (NASDAQ: ALDN - news), today announced its eSafe Enterprise and eSafe Desktop products automatically protect users against a new variation of the Pretty Park vandal. Aladdin’s Content Security Response Team (CSRT) has recently handled numerous incidents of Prettey Park outbreaks in large organizations and has placed this vandal in a high risk. . eSafe’s patent-pending Sandbox II technology blocks this vandal and any similar strains from gaining access to system resources and thereby eliminates the risk of infection without the need for virus table updates.
The Security Risk
The original Pretty Park vandal Trojan first made its debut in May 1999. The new Pretty Park vandal, officially called “Win32.PRETTYPARK.B” or “W32/Pretty.Worm.unp”, is an uncompressed version of the original worm and spreads as an attachment to email messages. This uncompressed variant has the same functionality of the original attack, but with different signature that cannot be detected by standard anti-virus scanning programs. The file usually arrives in email with the subject line: "C:\CoolProgs\PrettyPark.exe".
The file attached in the email named "Pretty Park.EXE", and displays an icon with a picture of Kyle - a character from the cartoon series "South Park". When executed, this worm may display the 3D pipe screen saver. It drops a file named FILES32.VXD into the Windows\System directory, and configures the Windows registry to execute this file every time a program file is run. Pretty Park can infect users of all Windows platforms. For up-to-date information and alerts, please visit Aladdin’s Content Security Resource Center at: http://www.esafe.com/csrt/.
Once the vandal program is executed, it will try to email itself automatically every 30 minutes (or 30 minutes after it is loaded) to email addresses registered in your Internet address book. Although the vandal does not attempt to email documents, network administrators will face backlogged servers and bandwidth restrictions when the vandal replicates to each entry in the infected user’s address book, every 30 minutes.
Pretty Park may also try to connect to an Internet Relay Chat (IRC) server and join a specific IRC channel. The worm will send information to IRC every 30 seconds to keep itself connected, and to retrieve any commands from the IRC channel.
Tijd voor alle virus ridders om hun mannelijke instincten te volgen en de wereld te beschermen tegen de invloeden van dit kwade virus. Ik (meerdere keren lastig gevallen door PP2 mailings) heb m'n zusje alvast gemailt dat ze geen gekke mailtjes open moeten maken .