Archived posting to the Leica Users Group, 2002/01/29
> I received three postings today with this subject line.
> This is not a hoax. See below.
>
>
> Happy snaps,
> Steven Alexander
>

Yes, I had 8 of those e-mails this morning and deleted all without opening. The thing is that all of these virus e-mails are so transparent I am surprised if anybody would be fooled by them.

sl

>
> -----Original Message-----
> From: McHugh Robert J Contr ESC/GAR
> Sent: Tuesday, January 29, 2002 8:31 AM
> To: ESC/GA Personnel List
> Subject: Virus Heads up
>
> For your information and future email safety...
> As always, give me a call if you have questions,
> Rob
>
> NOTE: Spaces were added to file name extensions to avoid content filtering
> of this report.
>
> SUMMARY: A new worm known as W32/Myparty@MM has been detected in the wild.
> The Air Force has no reports of infections by this worm at any Air Force
> bases. Symantec has released the 0127 definitions. This worm will be covered
> under McAfee's DAT file 4184 but is already covered under an "extra.dat"
> file on an interim basis.
>
> DETAILS: This mass-mailing worm arrives in an email message containing the
> following information:
>
> Subject: new photos from my party!
>
> Body: Hello!
> My party... It was absolutely amazing!
> I have attached my web page with new photos!
> If you can please make color prints of my photos. Thanks!
>
> Attachment: www.myparty.yahoo.com (29,696 byte PE file)
>
> Running the attachment infects the local machine. The virus copies itself to
> C:\Recycled\regctrl.exe and executes that file. The user's default SMTP
> server is retrieved from the registry.
> HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager
> \Accounts\00000001
> The virus uses this SMTP server to send itself out to all addresses found in
> the Windows Address Book and addresses found within .DBX files.
> See LINKS for vendor details.
>
> SOLUTION:
> Update to Symantec's latest antivirus Signature, 0127, and to McAfee's
> EXTRA.DAT. See AFCERT's ftp site for EXTRA.DAT files and AFCERT web page for
> definition and/or DAT files at URLs in LINKS section below. At the
> perimeter of your network, ensure email attachments with "c o m" extensions
> are stripped at your gateway, firewall or mail server. Recommendations on
> configuring NAV Exchange, Firewall, or Gateway to block files based on file
> attachment names are listed in Symantec's document "How to block email-based
> viruses using Symantec's Virus Protection for Gateways, Firewalls, and
> Groupware", see LINKS below.
>
> LINKS:
> https://afcertmil.lackland.af.mil/afcert/virus/symantecknowledge.html
> https://afcertmil.lackland.af.mil/afcert/virus/symantec_soft.html
> ftp://afcert.kelly.af.mil/pub/antivirus/NAV/signatures/
> http://vil.nai.com/vil/content/v_99332.htm
> ftp://afcert.kelly.af.mil/pub/antivirus/McAfee/Dats/extradat/
>
> --
> To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html
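
The attachment-stripping rule from the SOLUTION section of the quoted advisory, as an added example that is not part of the original posting or the advisory: it shows why the filter must key on the final extension, since the attachment name looks like a web address but ends in an executable extension. The function names, the extensions other than `com`, and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# The advisory names only the "com" extension; the rest of this set is an
# assumption added for illustration.
BLOCKED_EXTENSIONS = {"com", "exe", "pif", "scr", "bat"}


def final_extension(filename):
    """Lower-cased text after the last dot, ignoring trailing dots/spaces."""
    cleaned = filename.strip().rstrip(". ").lower()
    return cleaned.rpartition(".")[2] if "." in cleaned else ""


def attachment_names(msg):
    """Filenames of every MIME part that declares one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def strip_blocked(msg):
    """Drop parts with a blocked extension in place; return their names."""
    removed = []
    if msg.is_multipart():
        kept = []
        for part in msg.get_payload():
            name = part.get_filename()
            if name and final_extension(name) in BLOCKED_EXTENSIONS:
                removed.append(name)
            else:
                removed.extend(strip_blocked(part))
                kept.append(part)
        msg.set_payload(kept)
    return removed


def build_sample():
    """Constructed message shaped like the one the advisory describes."""
    msg = EmailMessage()
    msg["Subject"] = "new photos from my party!"
    msg.set_content("I have attached my web page with new photos!")
    # Harmless placeholder bytes, not a real executable.
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="www.myparty.yahoo.com")
    msg.add_attachment(b"placeholder", maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    return msg


if __name__ == "__main__":
    sample = build_sample()
    print("removed:", strip_blocked(sample))
    print("remaining:", attachment_names(sample))
```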