
virus warning



FYI
Lionel Issen
lissen@xxxxxxxxx
----- Original Message -----
From: <gissen@
Sent: Monday, May 22, 2000 2:06 PM
Subject: This is the stuff I promised you.


>
> Also, look at the McAfee site for more information.
>
> Gail
>
> > -----Original Message-----
> > From: James Cushing
> > Sent: Friday, May 19, 2000 7:16 AM
> > To: Houston
> > Subject: Virus Alert: Love Bug II Information
> > Importance: High
> >
> > New virus more destructive than "Love"
> > By Paul Festa, CNET News.com
> >
> > A new virus on the loose could make the Love Bug pale by comparison.
> > Antivirus firms monitoring the new outbreak say only a handful of
> > instances have so far been reported to them. But they caution that the
> > virus has the potential to spread rapidly and cause even more damage than
> > its recent predecessor.
> > "Everything on the computer is destroyed," said Vincent Weafer, director
> > of Symantec's antivirus research center.
> > Perhaps even more disquieting than the destructive payload is the fact
> > that the virus alters itself to sneak around traditional virus scanners.
> > This meaner, smarter bug comes on the heels of the so-called Love Bug
> > virus that wreaked havoc and caused billions of dollars in damage earlier
> > this month. The new one threatens not only to overwrite files on victims'
> > computers but to destroy data, programs and crucial operating software on
> > them as well.
> > Like the Love Bug, the new virus exploits features of Microsoft's Outlook
> > email program to send itself to all contacts in the victim's address book.
> > The virus is written as a VisualBasic attachment, which can be recognized
> > by the suffix ".vbs".
> > Microsoft this week pledged to shore up Outlook with an upgrade meant to
> > thwart the spread of viruses like the Love Bug. Symantec said the upgrade
> > would be effective against the new virus; but it is yet to be released.
> > The Love Bug has seen a wide array of mutations--not an uncommon
> > development among viruses--which Symantec numbered at around 30 so far.
> > Some of the Love variations have been more destructive than the original,
> > damaging system files in addition to the image and audio files targeted by
> > their predecessor.
> > The new virus does not overwrite computer files; instead, it shrinks them
> > down to nothing, targeting files on both local and network drives.
> > In addition, it imitates the behavior of biological viruses in making
> > subtle alterations as it spreads.
> > The mutation occurs in three different places. First, the virus changes
> > the subject header of the email by selecting at random from various
> > document files found on the victim's computer and adopting that file's
> > name, preceded by "FW:".
> > Next, the virus renames itself with the same name, followed by ".vbs".
> > Last, the virus inserts random text in the VBS script itself. This code
> > does not alter the behavior of the virus itself, but throws virus scanners
> > off its scent.
> > Symantec said it was at work on a fix that would exclude those randomly
> > generated comments in identifying the virus.
> > One possible avenue of attack for the antivirus crews is the fact that the
> > new virus comes in an email with a blank body. A filter that scraps emails
> > with "FW" in the subject header and nothing in the body would be effective
> > against the virus without filtering out a large number of legitimate
> > attachments, Weafer said.
> > Contrary to a Symantec press release and earlier published reports, Weafer
> > stressed that the new virus was not a variant of the Love Bug. While the
> > viruses share key characteristics, such as the reliance on Microsoft's
> > Outlook address book and VBS scripting language, they do not share source
> > code.
> > The new virus, dubbed "VBS.LoveLetter.FW.A" by Symantec and
> > "VBS/NewLove-A" by English antivirus firm Sophos, is currently not very
> > widespread. Symantec heard reports from one U.S. firm and two in Israel.
> > Trend Micro, a competing antivirus firm, said one corporate customer
> > reported that all 5,000 of its desktops received the virus, but the
> > company didn't know how many of those actually opened it.
> > "Those numbers are very small," Weafer said. "But it's not atypical for a
> > worm to start with very low numbers and spread very rapidly. When we first
> > saw the Explorer.zip virus, which started in Israel, there were two cases.
> > Twenty-four hours later it had spread worldwide."
> > The Bay Area firm whose 5,000 desktops received the virus got it from its
> > office in Israel, according to Trend Micro. But the company cautioned
> > against concluding from that fact that the virus originated in Israel.
> > Virus firms have come under some criticism for hyping virus threats,
> > especially in light of the fact that antivirus firms' stocks tend to do
> > well in the midst of security crises.
> > One antivirus researcher keeping an eye on the new worm close to midnight
> > today said he was spreading the word about it with mixed feelings.
> > "We're in this familiar situation where we're warning people about a
> > problem they may or may not have tomorrow morning," said Dan Schrader,
> > chief security analyst at Trend Micro. "If we cry wolf often enough,
> > they'll tune us out entirely."
> >
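
Added example, not part of the forwarded article or any vendor's product: a sketch of the two defences the article describes, a signature that ignores the randomly inserted script comments and a mail filter for "FW:" subjects with a blank body. The function names, the extra `.vbs` attachment condition and the sample scripts and messages are assumptions constructed for this illustration; `Rem` after a `:` statement separator is not handled.

```python
import hashlib
import re
from email.message import EmailMessage

def strip_vbs_comments(script: str) -> str:
    """Remove ' and Rem comments (outside string literals) and blank lines."""
    kept = []
    for line in script.splitlines():
        out, in_str = [], False
        for ch in line:
            if ch == '"':
                in_str = not in_str      # VBS doubles "" inside strings, so state stays right
            elif ch == "'" and not in_str:
                break                    # rest of the line is a comment
            out.append(ch)
        code = re.sub(r"\s+", " ", "".join(out)).strip()
        if code and not re.match(r"rem(\s|$)", code, re.I):
            kept.append(code)
    return "\n".join(kept)

def normalized_digest(script: str) -> str:
    """Hash only the code that remains once comments are gone."""
    return hashlib.sha256(strip_vbs_comments(script).encode()).hexdigest()

def matches_blank_fw_filter(msg: EmailMessage) -> bool:
    """'FW:' subject, empty body, plus (added here) a .vbs attachment."""
    subject = (msg["Subject"] or "").strip().upper()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    has_vbs = any((a.get_filename() or "").lower().endswith(".vbs")
                  for a in msg.iter_attachments())
    return subject.startswith("FW:") and not text.strip() and has_vbs

def build_sample(subject: str, body: str, filename: str) -> EmailMessage:
    """Constructed test message with a harmless one-line attachment."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b'MsgBox "hi"', maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

# Constructed, harmless scripts: same code, different filler comments.
VARIANT_A = "' qzkx\nDim n\nn = 1 ' jjw\nMsgBox \"it's \" & n\n"
VARIANT_B = "Rem 8fh2\nDim n\n' zzz\nn = 1\nRem\nMsgBox \"it's \" & n ' tail\n"

if __name__ == "__main__":
    print(normalized_digest(VARIANT_A) == normalized_digest(VARIANT_B))
    print(matches_blank_fw_filter(build_sample("FW: budget.doc", "\n", "budget.doc.vbs")))
```

A raw hash of the two variants differs, which is why a scanner matching on the unmodified file misses the second copy; the normalized digest is the same for both.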