Archived posting to the Leica Users Group, 2002/01/29


Subject: Re: [Leica] FW: Virus Heads up
From: "Jeffery L.Smith" <jsmith45@bellsouth.net>
Date: Tue, 29 Jan 2002 08:48:37 -0600
References: <C9BFAC0EE534FD418C7C0715BE85C6403B1215@ML66SC-MB-02>

This one started making the rounds yesterday, particularly in Europe. It 
appears to be not too destructive, but I would still delete anything that 
has "party pics" as a subject line. I don't think there is a virus 
definition available for it yet.


At 09:27 AM 1/29/02 -0500, you wrote:
>I received three postings today with this subject line.
>This is not a hoax.  See below.
>
>
>Happy snaps,
>Steven Alexander
>
>-----Original Message-----
>From:  McHugh Robert J Contr ESC/GAR
>Sent: Tuesday, January 29, 2002 8:31 AM
>To: ESC/GA Personnel List
>Subject: Virus Heads up
>
>For your information and future email safety...
>As always, give me a call if you have questions,
>Rob
>
>NOTE: Spaces were added to file name extensions to avoid content filtering
>of this report.
>SUMMARY: A new worm known as W32/Myparty@MM has been detected in the wild.
>The Air Force has no reports of infections by this worm at any Air Force
>bases. Symantec has released the 0127 definitions. This worm will be covered
>under McAfee's DAT file 4184 but is already covered under an "extra.dat"
>file on an interim basis.
>DETAILS: This mass-mailing worm arrives in an email message containing the
>following information:
>Subject: new photos from my party!
>
>Body: Hello!
>My party... It was absolutely amazing!
>I have attached my web page with new photos!
>If you can please make color prints of my photos. Thanks!
>
>Attachment: www.myparty.yahoo.com (29,696 byte PE file)
>Running the attachment infects the local machine. The virus copies itself to
>C:\Recycled\regctrl.exe and executes that file.  The user's default SMTP
>server is retrieved from the registry.
>HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001
>The virus uses this SMTP server to send itself out to all addresses found in
>the Windows Address Book and addresses found within .DBX files.
>See LINKS for vendor details.
>SOLUTION:
>Update to Symantec's latest antivirus Signature, 0127, and to McAfee's
>EXTRA.DAT. See AFCERT's ftp site for EXTRA.DAT files and AFCERT web page for
>definition and/or DAT files at URLs in LINKS section below.  At the
>perimeter of your network, ensure email attachments with "c o m" extensions
>are stripped at your gateway, firewall or mail server. Recommendations on
>configuring NAV Exchange, Firewall, or Gateway to block files based on file
>attachment names are listed in Symantec's document "How to block email-based
>viruses using Symantec's Virus Protection for Gateways, Firewalls, and
>Groupware", see LINKS below.
>LINKS:
>https://afcertmil.lackland.af.mil/afcert/virus/symantecknowledge.html
>https://afcertmil.lackland.af.mil/afcert/virus/symantec_soft.html
>ftp://afcert.kelly.af.mil/pub/antivirus/NAV/signatures/
>http://vil.nai.com/vil/content/v_99332.htm
>ftp://afcert.kelly.af.mil/pub/antivirus/McAfee/Dats/extradat/
>
>--
>To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html

Jeffery Smith
New Orleans, LA


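The gateway recommendation in the forwarded advisory (strip attachments with "com" extensions), sketched as an added example that is not part of the original posting or of any vendor's product. The function names are hypothetical, the sample message is constructed with an inert payload, and the "MZ" header check is an addition beyond the advisory's extension rule so that a renamed executable is also caught.

```python
import os
from email.message import EmailMessage

BLOCKED_EXTENSIONS = frozenset({".com"})  # the one extension the advisory names

def strip_reasons(part, blocked=BLOCKED_EXTENSIONS):
    """Return the reasons (possibly none) why a gateway should strip this part."""
    reasons = []
    # Windows ignores trailing dots and spaces, so normalise before splitting.
    name = (part.get_filename() or "").strip().rstrip(". ").lower()
    ext = os.path.splitext(name)[1]
    if ext in blocked:
        reasons.append(f"blocked extension {ext}")
    # Content check: DOS/PE executables start with "MZ" whatever they are named.
    if (part.get_payload(decode=True) or b"")[:2] == b"MZ":
        reasons.append("MZ executable header")
    return reasons

def strip_flagged(msg, blocked=BLOCKED_EXTENSIONS):
    """Remove flagged attachments from msg in place; return {filename: reasons}."""
    removed, kept = {}, []
    if not msg.is_multipart():
        return removed
    for part in msg.get_payload():
        reasons = strip_reasons(part, blocked) if part.is_attachment() else []
        if reasons:
            removed[part.get_filename()] = reasons
        else:
            kept.append(part)
    msg.set_payload(kept)
    return removed

def build_sample(filename="www.myparty.yahoo.com"):
    """Constructed message shaped like the advisory's description; inert payload."""
    msg = EmailMessage()
    msg["Subject"] = "new photos from my party!"
    msg["From"], msg["To"] = "sender@example.test", "recipient@example.test"
    msg.set_content("Hello!\nMy party... It was absolutely amazing!\n")
    # Two-byte MZ magic plus zero padding: enough to trip the check, not a program.
    msg.add_attachment(b"MZ" + bytes(62), maintype="application",
                       subtype="octet-stream", filename=filename)
    msg.add_attachment(b"\xff\xd8\xff\xe0" + bytes(16), maintype="image",
                       subtype="jpeg", filename="party.jpg")
    return msg

if __name__ == "__main__":
    message = build_sample()
    for fname, why in strip_flagged(message).items():
        print(f"stripped {fname}: {', '.join(why)}")
```

Because the attachment name is shaped like a web address, a filter that only looks for "typical" program names would miss it; splitting on the last dot treats `www.myparty.yahoo.com` as a `.com` file, which is how Windows would run it.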