From britdisc-owner@csv.warwick.ac.uk Fri Jun 11 11:38:00 1999
Received: by pansy.csv.warwick.ac.uk (8.9.3/8.9.3) id LAA08657 for britdisc-outgoing; Fri, 11 Jun 1999 11:36:40 +0100 (BST)
Received: from daffodil.csv.warwick.ac.uk (daffodil [137.205.192.30]) by pansy.csv.warwick.ac.uk (8.9.3/8.9.3) with ESMTP id LAA08649 for <britdisc@csv.warwick.ac.uk>; Fri, 11 Jun 1999 11:36:38 +0100 (BST)
Received: from baby.kbw.co.uk (baby.kbw.co.uk [193.133.242.75]) by daffodil.csv.warwick.ac.uk (8.9.3/8.9.3) with ESMTP id LAA26157 for <britdisc@csv.warwick.ac.uk>; Fri, 11 Jun 1999 11:36:38 +0100 (BST)
Received: by baby.kbw.co.uk with Internet Mail Service (5.5.2448.0) id <L95TB7VJ>; Fri, 11 Jun 1999 11:16:48 +0100
Message-ID: <1DBF2E3701DFD211A65300902728A91B3ECF4B@baby.kbw.co.uk>
From: Roger Thomson <roger.thomson@oyster.co.uk>
To: BRITDISC <britdisc@csv.warwick.ac.uk>
Subject: FW: Warning! Worm virus being sent to ServletExec Interest list authors, don't open attachments like: zipped_files.exe
Date: Fri, 11 Jun 1999 11:16:38 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-britdisc@warwick.ac.uk
Precedence: bulk

This time it's a virus warning which is not a joke - just ask the BBC (no email facilities for 2 days now), Sky (it trashed half their systems) or half the banks - who aren't letting employees use mail programs at all.

Get your anti-virus programs on the case and be safe.

pieboy

> -----Original Message-----
> From: Nik Cuckson
> Sent: 10 June 1999 17:26
> To: All Oyster Employees
> Subject: FW: Warning! Worm virus being sent to ServletExec Interest list authors, don't open attachments like: zipped_files.exe
>
> Just received this mail from a list server ... this is a new virus ... beware of mail attachments... description of the virus is at the bottom of this message
>
> -----Original Message-----
> From: Craig J. Detter [SMTP:craig@Detter.com]
> Sent: Thursday, June 10, 1999 5:21 PM
> To: ServletExec-Interest ServletExec (E-mail)
> Subject: Warning! Worm virus being sent to ServletExec Interest list authors, don't open attachments like: zipped_files.exe
>
> I received two email messages today from someone in Europe the subject line came from a message I posted to the ServletExec Interest list.
>
> The description of this virus is:
> http://www.symantec.com/avcenter/venc/data/worm.explore.zip.html
>
> This is a description I pulled from Symantec:
>
> Worm.ExploreZip
>
> Virus Name: Worm.ExploreZip
> Infection Length: 210,432 bytes
> Area of Infection: C:\Windows\System\, Email Attachments
> Likelihood: Common
> Detected as of: June 6, 1999
> Characteristics: Worm, Trojan Horse
>
> <<...>>
> Description:
> Worm.ExploreZip is a worm that contains a malicious payload. The worm utilizes MAPI commands and Microsoft Outlook on Windows systems to propagate itself. The worm was first discovered in Israel and submitted to the Symantec AntiVirus Research Center on June 6, 1999.
>
> The worm e-mails itself out as an attachment with the filename "zipped_files.exe". The body of the e-mail message may appear to come from a known e-mail correspondent and contains the following text:
>
>     Hi Recipient Name!
>
>     I received your email and I shall send you a reply ASAP.
>
>     Till then, take a look at the attached zipped docs.
>
>     bye
>
> The worm determines whom to mail this message to by going through your received messages in your Inbox.
>
> Once the attachment is executed, it may display the following window:
> <<...>>
> The worm proceeds to copy itself to the c:\windows\system directory with the filename "Explore.exe" and then modifies the WIN.INI file so, the program is executed each time Windows is started. The worm then utilizes your e-mail client to harvest e-mail addresses in order to propagate itself. One may notice their e-mail client start when this occurs.
> <<...>>
> Payload:
> In addition, when Worm.ExploreZip is executed, it also searches through the C through Z drives of your computer system and selects a series of files of any file extension to destroy by making them 0 bytes long. This can result in non-recoverable data and/or computer system.
> <<...>>
> Repair Notes:
> To remove this worm, one should perform the following steps:
>     Remove the line run=C:\WINDOWS\SYSTEM\Explore.exe from the WIN.INI file
>     Delete the file "C:\WINDOWS\SYSTEM\EXPLORE.EXE". One may need to reboot first, if the file is currently in use.
> Norton AntiVirus users can protect themselves from this worm by downloading the current virus definitions either through LiveUpdate or from the following webpage:
> <http://www.symantec.com/avcenter/download.html>
> Write-up by: Eric Chien
> Update: June 9, 1999
>
>
> ------------------------ ServletExec-Interest ------------------------
> To unsubscribe, send email to list-requests@newatlanta.com and put the
> command "unsubscribe servletexec" in the body of the message.
>
> Archives: <http://www.egroups.com/group/servletexec/>