[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A verified virus alert. Press release from Data Fellows



PureBytes Links

Trading Reference Links

This press release comes from Data Fellows. For more 
information onData Fellows' mailing list policy, 
see end of message.

Espoo, Finland, October 8, 1999 - Data Fellows, a leading provider of
centrally-managed, widely distributed security solutions, today warns about a
new Melissa-like worm, VBS/Freelink. This worm spreads by e-mailing a file
called LINKS.VBS around. 

VBS/Freelink is written in the VBScript language. By default, programs written
in VBScript operate only under Windows 98 and Windows 2000 beta (unless 
Windows
Scripting Host has been installed separately).

However, Microsoft Internet Explorer 5 installs Windows Scripting Host (WSH)
also to Windows 95 and Windows NT 4.0 machines by default, making them
vulnerable to this worm.

VBS/Freelink was originally found from Europe in July 1999. However, it did 
not
became common at that time, as it only operated under Windows 98 and beta
versions of Windows 2000. Now that Microsoft Internet Explorer 5 has been
released, more and more Windows 95 and NT users are vulnerable to this worm.
Estimates on the current market share of Internet Explorer 5 range between 10%
and 20%.

The worm arrives to users in e-mail message attachments named LINKS.VBS. When
it is executed, the worm shows a message box with the following text:
    This will add a shortcut to free XXX links on your desktop. Do you 
     want to continue?

Whether the user clicks 'yes' or ‘no’, the program creates an Internet 
shortcut
named "FREE XXX LINKS" to the desktop. This shortcut points to a porn web 
site.

After this, the worm searches for mapped network shares on the local network.
If the worm finds any network drives, it copies itself to the root of them.

The worm uses Outlook application to mass-mail itself to each recipient in 
each
address book. The mass-mail portion is similar to the infamous Melissa virus.

The subject of the messages sent by the virus is:
    Check this
and the body of the message is:
    Have fun with these links.     Bye.

The worm attaches itself as "Links.vbs" to the message. When the receiver
double-clicks on the attachment, the worm executes and will mass-mail itself
again.

VBS/Freelink removes the sent mail from the user's "Sent Mail" folder. In this
way it tries to hide the mass mailings from the user.

As address books typically contain group addresses, the end result of 
executing
the VBS/Freelink worm inside an organization is that the first infected user
sends the message to everybody in the organization. After this, other users
open the message and send the message again to everyone else. This quickly
overloads e-mail servers.

A technical description of the virus is available in the Data Fellows virus
description database at:
http://www.DataFellows.com/v-descs/freelink.htm
Sample pictures of e-mail messages generated by VBS/Freelink are available in
the Data Fellows virus screenshots center at:
http://www.DataFellows.com/virus-info/v-pics/

About Data Fellows

Data Fellows is a leading developer of centrally managed, widely distributed
security solutions. The company offers a full range of award-winning,
integrated anti-virus, file encryption and VPN solutions for workstations,
servers and gateways. F-Secure products and Framework are uniquely suited for
delivery of Security as a Service™ by enterprise IT departments as well as a
wide range of partners including ISPs, outsourcing firms and ASPs. For the
end-user, Security as a Service is invisible, automatic, reliable, always-on,
and up-to-date. For the administrator, Security as a Service means 
policy-based
management, instant alerts, and centralized management of a
massively-distributed user base.  

A privately owned company, Data Fellows offers a worldwide network of
distribution, technical support and training in over 80 countries.

For more information, contact
Data Fellows, 675 North First Street, 8th  floor, 
San Jose, CA 95112; 
tel 408-938-6700; fax 408-938-6701;
http://www.DataFellows.com   or   info@xxxxxxxxxxxxxxxx

Mailing list policy

You have previously expressed interest in our products, or have asked
to be included on one of our press release lists by personally giving us
your e-mail address for this purpose.Our mailing list are for the
exclusive use and the expressed purpose of Data Fellows and are not
sold or or given to third parties.

If you no longer wish to receive our press releases, or your email address 
has been added to our lists without your consent, you can unsubscribe at 
http://www.DataFellows.com/news/subscribe.html

If you only wish to receive our press releases concerning viruses, 
please go to 
http://www.DataFellows.com/news/subscribe.html
and first unsubscribe from 
press-english-interest@xxxxxxxxxxxxxxxxxxxxx
and then subscribe to 
press-english-virus-announcement@xxxxxxxxxxxxxxxxxxxxx


________________________________________________

 Marita Nasman-Repo             tel:    +358 9 8599 0613
 Communicator                   fax :   +358 9 8599 0599
                                mobile: +358 40 517 4613

 Data Fellows Corporation       http://www.DataFellows.com 

 F-Secure products: Integrated Solutions for Enterprise Security