Date: July 27, 1992 20:08
From: GAWD::SHEPPERD
To: @SYS$MAIL:PC-USERS
CC: SHEPPERD
This warning appeared on the network. It may be old news, but you ought to be warned:

        _____________________________________________________

             The Computer Incident Advisory Capability
                      ___  __ __    _     ___
                     /       |     / \   /
                     \___  __|__  /___\  \___
        _____________________________________________________

                        INFORMATION BULLETIN

                         PKZIP Trojan Alert

JULY 8, 1992, 1700 PT                                        Number C-27

------------------------------------------------------------------------
PROBLEM:    Bogus versions of the PKZIP archiving software have been
            released to Bulletin Board Systems (BBS).
PLATFORM:   PCs running PC-DOS, or MS-DOS
DAMAGE:     One version attempts to erase the hard disk.
DETECTION:  Look for the files: PKZ201.ZIP, PKZ201.EXE, PKZIPV2.ZIP, or
            PKZIPV2.EXE
REMOVAL:    Save a copy of the files for CIAC, then delete the files.
            Do not extract or run these files.
------------------------------------------------------------------------

Critical Facts about the PKZIP Trojan

CIAC has learned that two bogus versions of the popular archiving utility PKZIP for PC-DOS and MS-DOS machines are being circulated on several BBSs around the country. The two bogus versions of PKZIP are, 2.01 (PKZ201.ZIP and PKZ201.EXE) and 2.2 (PKZIPV2.ZIP and PKZIPV2.EXE). If you have downloaded any of these files, do not attempt to use them. You risk the destruction of all the data on your hard disk if you do.

At the current time, the released version of PKZIP is version 1.10. A new version of PKZIP is expected to be released in the next few months. Its version number was planned to be 2.00, but may be increased to a number greater than 2.2 to prevent confusion with the bogus versions. PKWARE Inc. has indicated it will never issue a version 2.01 or 2.2 of PKZIP. A good copy of the latest version of PKZIP can always be gotten from the PKWARE BBS listed below.

According to PKWARE Inc. version 2.01 is a hacked version of PKZIP 1.93 Alpha. While this version does not intentionally do any damage, it is alpha level software, and may have serious bugs in it. Version 2.2 is a simple batch file that attempts to erase your C:\ and C:\DOS directories. If your hard disk has been erased by this program, you may be able to recover it using hard disk undelete utilities such as those in Norton Utilities, or PCTools. Don't do anything that might create or expand a file on your hard disk until you have undeleted the files, as you may overwrite the deleted files which will destroy them.

To examine a file to see if it is version 2.2, type it to the screen with the DOS TYPE command. If the file that prints on the screen is a short batch file with commands such as DEL C:\*.*, or DEL C:\DOS\*.* then you have the bogus file.

If you should happen to see any of these files on a BBS, please contact the sysop of that BBS immediately, and ask him to remove them. If you have downloaded one of these files, please save a copy for CIAC, and then delete the files from your hard disk. PKWARE Inc. has also asked to be informed of any occurrences of these files, and can be reached at,

    Voice: 414-354-8699
    BBS:   414-354-8670
    FAX:   414-354-8559

or by mail:

    PKWARE Inc.
    9025 N. Deerwood Drive
    Brown Deer, WI 53223 USA

For additional information or assistance, please contact CIAC:

    CIAC at (510) 422-8193/(FTS)
    FAX (510) 423-8002/(FTS)
    send e-mail to [email protected].

PLEASE NOTE: Many users outside of the DOE and ESnet computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Some of the other teams include the NASA NSI response team, DARPA's CERT/CC, NAVCIRT, and the Air Force response team. Your agency's team will coordinate with CIAC.

CIAC would like to acknowledge the contribution of: PKWARE Inc.

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.
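
The bulletin's DETECTION line and its TYPE inspection step can be combined into one read-only check. The script below is an added example, not part of the CIAC bulletin or the forwarded message; the function names, the verdict labels and the 4096-byte limit for a "short batch file" are assumptions, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# File names from the bulletin's DETECTION line (DOS names are case-insensitive).
SUSPECT_NAMES = {"PKZ201.ZIP", "PKZ201.EXE", "PKZIPV2.ZIP", "PKZIPV2.EXE"}
# DEL (or its DOS synonym ERASE) aimed at C:\*.* or C:\DOS\*.*, as the bulletin describes.
WIPE_CMD = re.compile(rb"^\s*@?(?:del|erase)\s+c:\\(?:dos\\)?\*\.\*", re.I | re.M)
MAX_BATCH_BYTES = 4096  # assumption: a "short batch file" is at most a few KB of text


def classify(path):
    """Read (never execute or extract) one file and return a verdict label."""
    with open(path, "rb") as fh:
        data = fh.read(MAX_BATCH_BYTES + 1)
    if data[:2] == b"MZ":
        return "dos-executable"   # real EXE header, not the batch-file variant
    if data[:2] == b"PK":
        return "zip-archive"      # leave unextracted, per the REMOVAL line
    text_like = len(data) <= MAX_BATCH_BYTES and b"\x00" not in data
    if text_like and WIPE_CMD.search(data):
        return "batch-wiper"      # matches the version 2.2 description
    return "unknown"


def scan(root):
    """Return {path: verdict} for every file under root whose name is listed."""
    hits = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.name.upper() in SUSPECT_NAMES:
            hits[str(p)] = classify(p)
    return hits


def demo():
    """Run scan() over constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        samples = {  # constructed inputs, not the real trojan files
            "PKZIPV2.EXE": b"@ECHO OFF\r\nDEL C:\\*.*\r\nDEL C:\\DOS\\*.*\r\n",
            "pkz201.zip": b"PK\x03\x04" + bytes(26),
            "README.TXT": b"DEL C:\\*.*\r\n",  # name not on the list, so not reported
        }
        for name, body in samples.items():
            Path(d, name).write_bytes(body)
        return {Path(k).name: v for k, v in scan(d).items()}


if __name__ == "__main__":
    print(demo())
```

Every reported file is on the bulletin's list and should be preserved for CIAC and then deleted whatever its verdict; the label only tells you which of the two bogus variants you are likely holding.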