PureBytes Links
Trading Reference Links
|
This press release comes from Data Fellows. For more
information onData Fellows' mailing list policy,
see end of message.
Espoo, Finland, October 8, 1999 - Data Fellows, a leading provider of
centrally-managed, widely distributed security solutions, today warns about a
new Melissa-like worm, VBS/Freelink. This worm spreads by e-mailing a file
called LINKS.VBS around.
VBS/Freelink is written in the VBScript language. By default, programs written
in VBScript operate only under Windows 98 and Windows 2000 beta (unless
Windows
Scripting Host has been installed separately).
However, Microsoft Internet Explorer 5 installs Windows Scripting Host (WSH)
also to Windows 95 and Windows NT 4.0 machines by default, making them
vulnerable to this worm.
VBS/Freelink was originally found from Europe in July 1999. However, it did
not
became common at that time, as it only operated under Windows 98 and beta
versions of Windows 2000. Now that Microsoft Internet Explorer 5 has been
released, more and more Windows 95 and NT users are vulnerable to this worm.
Estimates on the current market share of Internet Explorer 5 range between 10%
and 20%.
The worm arrives to users in e-mail message attachments named LINKS.VBS. When
it is executed, the worm shows a message box with the following text:
This will add a shortcut to free XXX links on your desktop. Do you
want to continue?
Whether the user clicks 'yes' or ‘no’, the program creates an Internet
shortcut
named "FREE XXX LINKS" to the desktop. This shortcut points to a porn web
site.
After this, the worm searches for mapped network shares on the local network.
If the worm finds any network drives, it copies itself to the root of them.
The worm uses Outlook application to mass-mail itself to each recipient in
each
address book. The mass-mail portion is similar to the infamous Melissa virus.
The subject of the messages sent by the virus is:
Check this
and the body of the message is:
Have fun with these links. Bye.
The worm attaches itself as "Links.vbs" to the message. When the receiver
double-clicks on the attachment, the worm executes and will mass-mail itself
again.
VBS/Freelink removes the sent mail from the user's "Sent Mail" folder. In this
way it tries to hide the mass mailings from the user.
As address books typically contain group addresses, the end result of
executing
the VBS/Freelink worm inside an organization is that the first infected user
sends the message to everybody in the organization. After this, other users
open the message and send the message again to everyone else. This quickly
overloads e-mail servers.
A technical description of the virus is available in the Data Fellows virus
description database at:
http://www.DataFellows.com/v-descs/freelink.htm
Sample pictures of e-mail messages generated by VBS/Freelink are available in
the Data Fellows virus screenshots center at:
http://www.DataFellows.com/virus-info/v-pics/
About Data Fellows
Data Fellows is a leading developer of centrally managed, widely distributed
security solutions. The company offers a full range of award-winning,
integrated anti-virus, file encryption and VPN solutions for workstations,
servers and gateways. F-Secure products and Framework are uniquely suited for
delivery of Security as a Service™ by enterprise IT departments as well as a
wide range of partners including ISPs, outsourcing firms and ASPs. For the
end-user, Security as a Service is invisible, automatic, reliable, always-on,
and up-to-date. For the administrator, Security as a Service means
policy-based
management, instant alerts, and centralized management of a
massively-distributed user base.
A privately owned company, Data Fellows offers a worldwide network of
distribution, technical support and training in over 80 countries.
For more information, contact
Data Fellows, 675 North First Street, 8th floor,
San Jose, CA 95112;
tel 408-938-6700; fax 408-938-6701;
http://www.DataFellows.com or info@xxxxxxxxxxxxxxxx
Mailing list policy
You have previously expressed interest in our products, or have asked
to be included on one of our press release lists by personally giving us
your e-mail address for this purpose.Our mailing list are for the
exclusive use and the expressed purpose of Data Fellows and are not
sold or or given to third parties.
If you no longer wish to receive our press releases, or your email address
has been added to our lists without your consent, you can unsubscribe at
http://www.DataFellows.com/news/subscribe.html
If you only wish to receive our press releases concerning viruses,
please go to
http://www.DataFellows.com/news/subscribe.html
and first unsubscribe from
press-english-interest@xxxxxxxxxxxxxxxxxxxxx
and then subscribe to
press-english-virus-announcement@xxxxxxxxxxxxxxxxxxxxx
________________________________________________
Marita Nasman-Repo tel: +358 9 8599 0613
Communicator fax : +358 9 8599 0599
mobile: +358 40 517 4613
Data Fellows Corporation http://www.DataFellows.com
F-Secure products: Integrated Solutions for Enterprise Security
|