IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

ADVISORY 00-038

"Self-Propagating 911 Script"
April 01, 2000

1. A recent and breaking FBI case has revealed the creation and dissemination of a self-propagating script that can erase hard drives and dial-up 911 emergency systems. While investigation and technical analysis continue, the script appears to include the following characteristics:

  • Actively search the Internet for computer systems set up for file and print sharing and copy itself on to these systems.
  • Overwrite victim hard drives.
  • Cause victim systems to dial 911 (possibly causing emergency authorities to check out substantial number of "false positive" calls.)

2. To this point case information and known victims suggest a relatively limited dissemination of this script in the Houston, Texas area, through source computers that scanned several thousand computers through four Internet service providers (America On-line, AT&T, MCI, and NETZERO). Disseminated script may be placed in hidden directories named chode, foreskin, or dickhair. Further script analysis by the FBI/NIPC continues.

3. FBI/NIPC Requests recipients immediately report information relating to use of this script to the local FBI or NIPC Watch and Warning Unit at (202) 323-3204/3205/3206. As more technical or operational information about this script develops, NIPC will disseminate this information through the Carnegie Mellon CERT, anti-virus vendors or its own web site, as appropriate.