SUBJECT: NATIONAL INFRASTRUCTURE PROTECTION CENTER INFORMATION SYSTEM ADVISORY (NIPC ADVISORY 00-038); SELF-PROPAGATING 911 SCRIPT 1. A RECENT AND BREAKING FBI CASE HAS REVEALED THE CREATION AND DISSEMINATION OF A SELF-PROPAGATING SCRIPT THAT CAN ERASE HARD DRIVES AND DIAL-UP 911 EMERGENCY SYSTEMS. WHILE INVESTIGATION AND TECHNICAL ANALYSIS CONTINUE, THE SCRIPT APPEARS TO INCLUDE THE FOLLOWING CHARACTERISTICS: A. ACTIVELY SEARCH THE INTERNET FOR COMPUTER SYSTEMS SET UP FOR FILE AND PRINT SHARING AND COPY ITSELF ON TO THESE SYSTEMS. B. OVERWRITE VICTIM HARD DRIVES. C. CAUSE VICTIM SYSTEMS TO DIAL 911 (POSSIBLY CAUSING EMERGENCY AUTHORITIES TO CHECK OUT SUBSTANTIAL NUMBERS OF "FALSE POSITIVE" CALLS). 2. TO THIS POINT CASE INFORMATION AND KNOWN VICTIMS SUGGEST A RELATIVELY LIMITED DISSEMINATION OF THIS SCRIPT IN THE HOUSTON, TEXAS AREA, THROUGH SOURCE COMPUTERS THAT SCANNED SEVERAL THOUSAND COMPUTERS THROUGH FOUR INTERNET SERVICE PROVIDERS (AMERICA ON-LINE, AT&T, MCI, AND NETZERO). DISSEMINATED SCRIPT MAY BE PLACED IN HIDDEN DIRECTORIES NAMED CHODE, FORESKIN OR DICKHAIR. FURTHER SCRIPT ANALYSIS BY THE FBI/NIPC CONTINUES. 3. FBI/NIPC REQUESTS RECIPIENTS IMMEDIATELY REPORT INFORMATION RELATING TO USE OF THIS SCRIPT TO THE LOCAL FBI OR FBI/NIPC WATCH AT 202-323-3204/3205/3206. AS MORE TECHNICAL OR OPERATIONAL INFORMATION ABOUT THIS SCRIPT DEVELOPS, NIPC WILL DISSEMINATE THIS INFORMATION THROUGH THE CARNEGIE MELLON CERT, ANTIVIRUS VENDORS OR ITS OWN WEB SITE (www.nipc.gov), AS APPROPRIATE. _________________________________________________________________ [ [1]Back to Advisories, Alerts and Warnings ] References 1. http://www.fbi.gov/nipc/nipcaaw.htm