Virus Profile: MacOS/Simpsons@MM

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 6/7/2001
Date Added: 6/8/2001
Origin: Unknown
Length: 0
Type: Virus
Subtype: Macintosh
DAT Required: 4143

Description

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Indication of Infection

- Presence of unusual AppleScript in the Startup Items folder
- Mail from correspondents stating that you sent them a file when you did not

Methods of Infection

This is an AppleScript worm that is designed to propagate with MacOS 9.0 (or higher) and Microsoft Outlook Express 5.02. It arrives as an email attachment. Running this attachment infects the local machine, which is then used to propagate the virus.
   

Virus Characteristics

This is an AppleScript worm that is designed to propagate with MacOS 9.0 (or higher) and Microsoft Outlook Express 5.02. It arrives as an email attachment using the following information:

Subject: Secret Simpsons Episodes!
Body:

Hundreds of Simpsons episodes were just secretly produced and sent out on the internet, if this message gets to you, the episodes are enclosed on the attachment program, which will only run on a Macintosh. You must have system 9.0 or 9.1 to watch the hilarious episodes, in high quality. Just download and open it.
From, [Sender's Name]

Attachment: Simpsons Episodes

Running this AppleScript results in Internet Explorer navigating to the URL:
http://www.snpp.com/episodeguide.html

The script copies itself to the folder: System Folder:Startup Items.
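
The subject line and attachment name listed above can be checked at a mail gateway or over an archived mailbox. The following is an added example, not part of the original profile or any vendor tooling: the function names, the sample messages and the quarantine/review policy are assumptions made for illustration.

```python
import email
from email.header import decode_header, make_header

# Indicators from the profile above; matching is case- and whitespace-insensitive.
SUBJECT = "secret simpsons episodes!"
ATTACHMENT = "simpsons episodes"

def _norm(value):
    return " ".join(str(value).split()).lower()

def _subject(msg):
    raw = msg.get("Subject", "")
    try:  # decode RFC 2047 encoded-words such as =?utf-8?q?...?=
        return str(make_header(decode_header(raw)))
    except (LookupError, UnicodeError, ValueError):
        return raw

def classify(raw_message):
    """Return 'quarantine' (both indicators), 'review' (one) or 'clean'."""
    msg = email.message_from_string(raw_message)
    names = {_norm(part.get_filename() or "") for part in msg.walk()}
    hits = (_norm(_subject(msg)) == SUBJECT) + (ATTACHMENT in names)
    return ("clean", "review", "quarantine")[hits]

def _build(subject, filename):
    # Constructed sample message; the attachment body is a harmless placeholder.
    return (
        "From: sender@example.com\n"
        "To: user@example.com\n"
        f"Subject: {subject}\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nplaceholder body\n"
        "--b1\nContent-Type: application/octet-stream\n"
        f'Content-Disposition: attachment; filename="{filename}"\n\n'
        "placeholder\n--b1--\n"
    )

SAMPLES = {  # constructed test inputs, not captured traffic
    "plain": _build("Secret Simpsons Episodes!", "Simpsons Episodes"),
    "encoded": _build("=?utf-8?q?Secret_Simpsons_Episodes!?=", "SIMPSONS  EPISODES"),
    "subject_only": _build("Secret Simpsons Episodes!", "notes.txt"),
    "benign": _build("Quarterly report", "report.pdf"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

A message carrying only one of the two indicators is marked for review rather than quarantined, since either string on its own can appear in legitimate mail.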

   
Removal Instructions

- Reboot your system with the extensions turned off
- Delete the file System Folder:Startup Items:Simpsons Episodes