Archived posting to the Leica Users Group, 2002/01/29


Subject: Re: [Leica] FW: Virus Heads up
From: "Steve LeHuray" <icommag@toad.net>
Date: Tue, 29 Jan 2002 09:34:34 -0500

> I received three postings today with this subject line.
> This is not a hoax.  See below.
>
>
> Happy snaps,
> Steven Alexander
>

Yes, I had 8 of those e-mails this morning and deleted all without opening.
The thing is that all of these virus e-mails are so transparent I am
surprised if anybody would be fooled by them.

sl
>
>
>
>
> -----Original Message-----
> From:  McHugh Robert J Contr ESC/GAR
> Sent: Tuesday, January 29, 2002 8:31 AM
> To: ESC/GA Personnel List
> Subject: Virus Heads up
>
> For your information and future email safety...
> As always, give me a call if you have questions,
> Rob
>
> NOTE: Spaces were added to file name extensions to avoid content filtering
> of this report.
> SUMMARY: A new worm known as W32/Myparty@MM has been detected in the wild.
> The Air Force has no reports of infections by this worm at any Air Force
> bases. Symantec has released the 0127 definitions. This worm will be covered
> under McAfee's DAT file 4184 but is already covered under an "extra.dat"
> file on an interim basis.
> DETAILS: This mass-mailing worm arrives in an email message containing the
> following information:
> Subject: new photos from my party!
>
> Body: Hello!
> My party... It was absolutely amazing!
> I have attached my web page with new photos!
> If you can please make color prints of my photos. Thanks!
>
> Attachment: www.myparty.yahoo.com (29,696 byte PE file)
> Running the attachment infects the local machine. The virus copies itself to
> C:\Recycled\regctrl.exe and executes that file.  The user's default SMTP
> server is retrieved from the registry.
> HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001
> The virus uses this SMTP server to send itself out to all addresses found in
> the Windows Address Book and addresses found within .DBX files.
> See LINKS for vendor details.
> SOLUTION:
> Update to Symantec's latest antivirus Signature, 0127, and to McAfee's
> EXTRA.DAT. See AFCERT's ftp site for EXTRA.DAT files and AFCERT web page for
> definition and/or DAT files at URLs in LINKS section below.  At the
> perimeter of your network, ensure email attachments with "c o m" extensions
> are stripped at your gateway, firewall or mail server. Recommendations on
> configuring NAV Exchange, Firewall, or Gateway to block files based on file
> attachment names are listed in Symantec's document "How to block email-based
> viruses using Symantec's Virus Protection for Gateways, Firewalls, and
> Groupware", see LINKS below.
> LINKS:
> https://afcertmil.lackland.af.mil/afcert/virus/symantecknowledge.html
> https://afcertmil.lackland.af.mil/afcert/virus/symantec_soft.html
> ftp://afcert.kelly.af.mil/pub/antivirus/NAV/signatures/
> http://vil.nai.com/vil/content/v_99332.htm
> ftp://afcert.kelly.af.mil/pub/antivirus/McAfee/Dats/extradat/
>
> --
> To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html
>


Replies: Reply from "lea" <lea@whinydogpress.com> (Re: [Leica] FW: Virus Heads up)
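
The gateway filtering recommended in the quoted advisory, as an added Python example that is not part of the original posting or of the advisory: it strips attachments whose real extension is executable, which catches a name such as www.myparty.yahoo.com that reads like a web address. The extension list beyond ".com", the "MZ" header check, the sample message and all function names are assumptions made for the example.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed gateway policy: the advisory names ".com"; the rest are illustrative.
BLOCKED_EXTENSIONS = {".com", ".exe", ".scr", ".pif", ".bat"}


def build_sample() -> bytes:
    """Constructed message: subject and attachment name are from the advisory,
    the payload is harmless stand-in bytes that only begin with "MZ"."""
    msg = EmailMessage()
    msg["Subject"] = "new photos from my party!"
    msg.set_content("Hello!\n")
    msg.add_attachment(b"MZ" + bytes(62), maintype="application",
                       subtype="octet-stream", filename="www.myparty.yahoo.com")
    msg.add_attachment(b"\xff\xd8\xff\xe0", maintype="image",
                       subtype="jpeg", filename="party.jpg")
    return msg.as_bytes()


def blocked_reason(filename, payload):
    """Return why an attachment should be stripped, or None to let it through."""
    # Win32 file APIs drop trailing dots and spaces, so normalise first.
    name = (filename or "").strip().rstrip(". ").lower()
    ext = os.path.splitext(name)[1]
    if ext in BLOCKED_EXTENSIONS:
        return f"blocked extension {ext}"
    if payload[:2] == b"MZ":  # executable content under a harmless-looking name
        return "executable (MZ) header"
    return None


def strip_attachments(raw: bytes):
    """Drop blocked top-level parts; return (cleaned message, [(name, reason)])."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not msg.is_multipart():
        return msg, []
    kept, removed = [], []
    for part in msg.get_payload():
        name = part.get_filename()
        data = part.get_payload(decode=True) or b""
        reason = blocked_reason(name, data) if (name or part.is_attachment()) else None
        if reason:
            removed.append((name, reason))
        else:
            kept.append(part)
    msg.set_payload(kept)
    return msg, removed
```

Only top-level MIME parts are inspected; a production filter would also walk nested multiparts and forwarded messages.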