Virus Alert: Network Associates Warns AOL and E-mail Users to
ProtectThemselves Against the Picture.exe Trojan Horse


SANTA CLARA, Calif., Jan. 8 /PRNewswire/ -- In an effort to educate and inform
the computer industry and its customers, the AVERT (Anti-virus Emergency
Response Team) researchers at Network Associates (Nasdaq: NETA) today issued a
warning to America Online (NYSE: <A HREF="aol://4785:AOL">AOL</A>) and E-mail
users to protect themselves from a Trojan horse which is being propagated via
an E-mail spam.

Symptoms:

Named Picture.exe, this Trojan affects systems without user authorization and
with no obvious symptoms to the average user.  Unlike traditional computer
viruses, Trojan horses are unable to replicate by themselves.  However,
because Picture.exe has been sent out to a large population of the Internet
community, users are advised to update their anti-viral software as soon as
possible.

Pathology:

When the Picture.exe attachment is launched, it invades the system by
"dropping" a file contained inside the original program into a Windows
subdirectory on the users system.  The next two system startups induce the
program to create a file containing a list of .TXT and HTML files and a list
of the URL's from the users Internet cache.  This Trojan is of particular
concern to users that have AOL client software installed on their systems as
the program looks inside an index file containing the user name and password.
Picture.exe is programmed to send the files of information it creates to an E-
mail address in China, presumably to the program's author.

Cure:

Detection of Picture.exe is currently available for McAfee VirusScan, versions
3.x and above and the Dr Solomon's Anti-Virus Toolkit, version 7.x and above.
Network Associates recommends that users delete the Trojan horse to remove it
from their systems.  Detailed information about Picture.exe and how to update
your protection is available on the Network Associates Web site at
www.nai.com.

With headquarters in Santa Clara, Calif., Network Associates, Inc. is
dedicated to providing leading enterprise network security and management
solutions. AVERT, the anti-virus research division of Network Associates Labs,
currently employs more than 85 virus researchers and maintains labs on five
continents worldwide.  In addition to studying new and existing security
threats, AVERT serves as a global resource for virus information and provides
rapid, follow-the-sun support for virus emergencies worldwide.  For more
information, Network Associates can be reached at 408-988-3832 or on the Web
at http://www.nai.com.

SOURCE  Network Associates, Inc.

CO:  Network Associates, Inc.

ST:  California

IN:  CPR MLM

SU:

01/08/99 15:29 EST http://www.prnewswire.com