Archived posting to the Leica Users Group, 2002/01/29


Subject: [Leica] FW: Virus Heads up
From: Steven Alexander <alexpix@worldnet.att.net>
Date: Tue, 29 Jan 2002 09:27:41 -0500

I received three postings today with this subject line.
This is not a hoax.  See below.


Happy snaps,
Steven Alexander





-----Original Message-----
From:  McHugh Robert J Contr ESC/GAR
Sent: Tuesday, January 29, 2002 8:31 AM
To: ESC/GA Personnel List
Subject: Virus Heads up

For your information and future email safety...
As always, give me a call if you have questions,
Rob

NOTE: Spaces were added to file name extensions to avoid content filtering
of this report.
SUMMARY: A new worm known as W32/Myparty@MM has been detected in the wild.
The Air Force has no reports of infections by this worm at any Air Force
bases. Symantec has released the 0127 definitions. This worm will be covered
under McAfee's DAT file 4184 but is already covered under an "extra.dat"
file on an interim basis.
DETAILS: This mass-mailing worm arrives in an email message containing the
following information:
Subject: new photos from my party!

Body: Hello!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!

Attachment: www.myparty.yahoo.com (29,696 byte PE file)
Running the attachment infects the local machine. The virus copies itself to
C:\Recycled\regctrl.exe and executes that file.  The user's default SMTP
server is retrieved from the registry.
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001
The virus uses this SMTP server to send itself out to all addresses found in
the Windows Address Book and addresses found within .DBX files.
See LINKS for vendor details.
SOLUTION:
Update to Symantec's latest antivirus Signature, 0127, and to McAfee's
EXTRA.DAT. See AFCERT's ftp site for EXTRA.DAT files and AFCERT web page for
definition and/or DAT files at URLs in LINKS section below.  At the
perimeter of your network, ensure email attachments with "c o m" extensions
are stripped at your gateway, firewall or mail server. Recommendations on
configuring NAV Exchange, Firewall, or Gateway to block files based on file
attachment names are listed in Symantec's document "How to block email-based
viruses using Symantec's Virus Protection for Gateways, Firewalls, and
Groupware", see LINKS below.
LINKS:
https://afcertmil.lackland.af.mil/afcert/virus/symantecknowledge.html
https://afcertmil.lackland.af.mil/afcert/virus/symantec_soft.html
ftp://afcert.kelly.af.mil/pub/antivirus/NAV/signatures/
http://vil.nai.com/vil/content/v_99332.htm
ftp://afcert.kelly.af.mil/pub/antivirus/McAfee/Dats/extradat/
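
Added example, not part of the original posting or the advisory: a sketch in Python of the gateway step the SOLUTION section recommends, dropping attachments by file name extension. The block list beyond "com", the function names and the sample message are assumptions constructed for illustration; the sample attachment holds harmless placeholder bytes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for this example; the advisory itself only names "com".
BLOCKED_EXTS = {"com", "exe", "pif", "scr", "bat"}

def blocked_ext(filename):
    """Return the blocked extension of an attachment name, or None."""
    # Windows ignores trailing dots and spaces, so "x.com. " still runs as .com
    name = (filename or "").strip().rstrip(". ").lower()
    ext = name.rpartition(".")[2] if "." in name else ""
    return ext if ext in BLOCKED_EXTS else None

def strip_attachments(raw):
    """Parse a raw message, drop blocked attachments, return (message, removed names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    # Collect containers first so the tree is not modified while walking it
    for container in [p for p in msg.walk() if p.is_multipart()]:
        kept = []
        for part in container.get_payload():
            if not part.is_multipart() and blocked_ext(part.get_filename()):
                removed.append(part.get_filename())
            else:
                kept.append(part)
        container.set_payload(kept)
    return msg, removed

def build_sample():
    """Constructed test message shaped like the one in the advisory."""
    m = EmailMessage()
    m["Subject"] = "new photos from my party!"
    m["From"] = "sender@example.org"
    m["To"] = "rcpt@example.org"
    m.set_content("Hello!\nMy party... It was absolutely amazing!\n")
    # The name looks like a web address, but its extension is .com (executable)
    m.add_attachment(b"MZ placeholder, not a real program",
                     maintype="application", subtype="octet-stream",
                     filename="www.myparty.yahoo.com")
    m.add_attachment(b"\xff\xd8 placeholder", maintype="image", subtype="jpeg",
                     filename="party.jpg")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_attachments(build_sample())
    print("removed:", removed)
    print("kept:", [p.get_filename() for p in cleaned.iter_attachments()])
```

The match is on the final extension only, which is why a name that reads as a URL is still caught; a production gateway would also inspect file content, since names are sender-controlled.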
