FRAMINGHAM (03/06/2000) - A cartoon-themed Trojan horse that first hit the Net last June is back in the wild.
Pretty Park - often called the South Park virus after the icon of Kyle, a character from Comedy Central's "South Park" adult cartoon, that comes with it - has attacked companies, universities and other organizations in North America. Samples have also been found in the U.K. and Europe.
The version circulating now is similar to the one that appeared in June, except that it arrives uncompressed, said Kelly Shall, spokeswoman for Network Associates Inc.
The variant strikes Outlook Express users on all Windows platforms, arriving as an e-mail attachment called Pretty Park.exe with the subject line "C:/coolprogs/prettypark.exe."
Once the attachment is launched, the strain attempts to e-mail itself every 30 minutes to everyone in the user's e-mail address book, creating an "e-mail storm," Shall said.
It also attempts to connect to an Internet Relay Chat (IRC) channel, possibly enabling the Pretty Park author to collect information such as the computer name, registered owner, system root path, Dial Up Networking username and passwords.
An IRC channel allows users to sign on, log in and select the channel or room they want to chat in.
The Santa Clara, Calif.-based antivirus firm first noticed Pretty Park's return in mid-February but only classified it as a serious risk as infection rates increased. Shall said hundreds of companies, including a dozen Fortune 1,000 companies, have reported Pretty Park but haven't suffered an actual system crash. She declined to identify companies that were hit.
More information can be found at w32/Pretty.worm.unp.