Archived posting to the Leica Users Group, 2002/01/29
I received three postings today with this subject line. This is not a hoax. See below.

Happy snaps,
Steven Alexander

-----Original Message-----
From: McHugh Robert J Contr ESC/GAR
Sent: Tuesday, January 29, 2002 8:31 AM
To: ESC/GA Personnel List
Subject: Virus Heads up

For your information and future email safety...

As always, give me a call if you have questions,
Rob

NOTE: Spaces were added to file name extensions to avoid content filtering of this report.

SUMMARY:
A new worm known as W32/Myparty@MM has been detected in the wild. The Air Force has no reports of infections by this worm at any Air Force bases. Symantec has released the 0127 definitions. This worm will be covered under McAfee's DAT file 4184 but is already covered under an "extra.dat" file on an interim basis.

DETAILS:
This mass-mailing worm arrives in an email message containing the following information:

Subject: new photos from my party!
Body: Hello! My party... It was absolutely amazing! I have attached my web page with new photos! If you can please make color prints of my photos. Thanks!
Attachment: www.myparty.yahoo.com (29,696 byte PE file)

Running the attachment infects the local machine. The virus copies itself to C:\Recycled\regctrl.exe and executes that file. The user's default SMTP server is retrieved from the registry:

HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001

The virus uses this SMTP server to send itself out to all addresses found in the Windows Address Book and addresses found within .DBX files. See LINKS for vendor details.

SOLUTION:
Update to Symantec's latest antivirus Signature, 0127, and to McAfee's EXTRA.DAT. See AFCERT's ftp site for EXTRA.DAT files and AFCERT web page for definition and/or DAT files at URLs in LINKS section below.
At the perimeter of your network, ensure email attachments with "c o m" extensions are stripped at your gateway, firewall or mail server. Recommendations on configuring NAV Exchange, Firewall, or Gateway to block files based on file attachment names are listed in Symantec's document "How to block email-based viruses using Symantec's Virus Protection for Gateways, Firewalls, and Groupware", see LINKS below.

LINKS:
https://afcertmil.lackland.af.mil/afcert/virus/symantecknowledge.html
https://afcertmil.lackland.af.mil/afcert/virus/symantec_soft.html
ftp://afcert.kelly.af.mil/pub/antivirus/NAV/signatures/
http://vil.nai.com/vil/content/v_99332.htm
ftp://afcert.kelly.af.mil/pub/antivirus/McAfee/Dats/extradat/
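
The gateway check recommended in the advisory above, as an added example that is not part of the original posting or of any vendor product: it flags attachments whose final extension is executable (so a name shaped like a web address is still caught) and also checks for the "MZ" header of a DOS/PE file. The extension list beyond the one the advisory names, the function names and the sample messages are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The advisory names only the first extension; the others are an assumed
# extension of the same block list.
BLOCKED_EXTENSIONS = {".com", ".exe", ".pif", ".scr", ".bat"}

def attachment_verdicts(raw_bytes):
    """Return [(filename, [reasons])] for each attachment a gateway should strip."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        reasons = []
        # Only the last dot-suffix decides how Windows opens the file, so a
        # name that reads like a host name still ends in an executable suffix.
        cleaned = name.lower().rstrip(". ")
        ext = "." + cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in BLOCKED_EXTENSIONS:
            reasons.append("blocked extension " + ext)
        # Content check: DOS and PE executables start with the bytes "MZ",
        # whatever the attachment is called.
        if payload[:2] == b"MZ":
            reasons.append("DOS/PE executable header")
        if reasons:
            verdicts.append((name, reasons))
    return verdicts

def build_sample(filename, payload):
    """Build a constructed test message (not a captured sample)."""
    msg = EmailMessage()
    msg["Subject"] = "new photos from my party!"
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg.set_content("Hello! My party...")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    stub = b"MZ" + b"\x00" * 64  # constructed placeholder, not real code
    for fname, data in [("www.myparty.yahoo.com", stub),
                        ("photos.jpg", stub),
                        ("party.jpg", b"\xff\xd8\xff\xe0")]:
        print(fname, attachment_verdicts(build_sample(fname, data)))
```
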