[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RT] Virus alert - help needed



PureBytes Links

Trading Reference Links




  
  
    <IMG height=1 
      src="http://vil.mcafee.com/common/images/clear.gif"; width=10>
    
      
        
        
          
        
          
            <TABLE cellSpacing=0 cellPadding=0 width="100%" bgColor=#edf3ff 
            border=0 summary="Virus Search Box">
              
              
                <FONT 
          size=2>
        
          
        
          Virus Profile
        
          
        
          
            
              
              
                
                  
                    
                    
                      <IMG height=9 
                        src="http://vil.mcafee.com/common/images/standard/corner_border_blue2_tl_9x9.gif"; 
                        width=9>
                      <IMG height=2 
                        src="http://vil.mcafee.com/common/images/clear.gif"; 
                        width=2>
                      <IMG height=9 
                        src="http://vil.mcafee.com/common/images/standard/corner_border_blue2_tr_9x9.gif"; 
                        width=9>
                    
                      <IMG height=7 
                        src="http://vil.mcafee.com/common/images/clear.gif"; 
                        width=1>
                  
                    
                    
                      <IMG height=9 
                        src="http://vil.mcafee.com/common/images/standard/corner_border_blue2_bl_9x9.gif"; 
                        width=9>
                      <IMG height=7 
                        src="http://vil.mcafee.com/common/images/clear.gif"; 
                        width=1>
                      <IMG height=9 
                        src="http://vil.mcafee.com/common/images/standard/corner_border_blue2_br_9x9.gif"; 
                        width=9>
                    
                      <IMG height=2 
                        src="http://vil.mcafee.com/common/images/clear.gif"; 
                        width=2>
        
          
        
          
            
              
              
                Virus 
                  Name:VBS/SST.gen@xx 
                <IMG height=1 
                  src="http://vil.mcafee.com/common/images/clear.gif"; 
                width=20>
                Date Added:5/9/01 
                  5:56:35 AM
        
          
        
          
            <TABLE cellSpacing=0 cellPadding=0 width="80%" bgColor=#ffffff 
            border=0 noshade>
              
              
                
                  
                    
                    
                      
                        <TABLE cellSpacing=0 cellPadding=0 width="100%" 
                        bgColor=#7f99cc>
                          
                          
                            <IMG height=10 
                              src="http://vil.mcafee.com/images/corner_trans_filled_tl_10x10.gif"; 
                              width=10>
                            <IMG height=2 
                              src="http://vil.mcafee.com/common/images/clear.gif"; 
                              width=2>VIRUS FAMILY 
                              STATISTICSOver the Past 30 Days
                            <IMG height=10 
                              src="http://vil.mcafee.com/images/corner_trans_filled_tr_10x10.gif"; 
                              width=10>
              
                <IMG height=2 
                  src="http://vil.mcafee.com/common/images/clear.gif"; 
width=2>
                
                  
                    
                    
                      Virus 
                      Name
                      <FONT 
                        color=#ffffff>InfectedFiles
                      <FONT 
                        color=#ffffff>ScannedFiles
                      % 
                        InfectedComputers
                    
                      VBS/SST.gen@xx
                      1,933
                      17,860,182
                      
                        
                          
                          
                            0.28
                    
                      VBS/SST
                      0
                      0
                      
                        
                          
                          
                            0.00
                    
                      VBS/SST@xx
                      145
                      2,866,068
                      
                        
                          
                          
                            <TD 
                    align=right>0.03
                <IMG height=2 
                  src="http://vil.mcafee.com/common/images/clear.gif"; 
              width=2>
              
                <IMG height=2 
                  src="http://vil.mcafee.com/common/images/clear.gif"; 
              width=2>
        
          
        
          Virus Characteristics:<FONT 
            style="FONT-SIZE: 11px">VBS/SST.gen@xx is a generic detection aimed 
            to catch many variants that are generated by the VBSWG (VBScript 
            Worm Generation) kit. 
            This virus is in the same family as <A target=_blank 
            href="http://vil.mcafee.com/dispvirus.asp?virus_k=99011";>VBS/VBSWG.gen@xx. 

            ----- On May 15, 2001 a new variant was discovered 
            ----- 
            This variant is sometimes referred to as "VBS.VBSWG2.Y@xx". This 
            variant is detected using the current Dats, and is also detected 
            with older DATs, starting with the 4123 DAT released on 2/21/2001. 
            It may arrive in an email message containing the 
            following information: 
            Subject: NUEVAS MEDIDAS DEL EJECUTIVO (NEW EXECUTIVE 
            MEASURES) Body: 
            Lo que nos faltaba: Batlle se desnuda para combatir la aftosa 
            !!Tenés que verlo, es impresionante!
            Attachment: Batlle_Desnudo.JPG.vbs 
            ----- End variant ----- 
            ----- On May 9, 2001 a new variant was discovered 
            ----- 
            This variant is sometimes referred to as "VBS/VBSWG.X@xx" or 
            "Homepage". This variant is detected using the current Dats, 4136, 
            as "VBS/SST.gen@xx", and is also detected with older DATs, starting 
            with the 4123 DAT released on 2/21/2001. It may arrive 
            in an email message containing the following information: 
            Subject: Homepage Body: Hi! You've got to see 
            this page! It's really cool ;O) File Attachment: 
            homepage.HTML.vbs 
            Attachment: homepage.HTML.vbs 
            It may open the default browser to one of 4 different 
            pornographic websites. 
            ----- End variant ----- 
            
            
            
            <A class=bodyTextLink 
            href="http://vil.mcafee.com/sendMail.asp?VIRUS_ID=.99082&NEW=YES&";>Send 
            This Virus Information To A Friend?
            
            
            Indications Of Infection:<FONT 
            style="FONT-SIZE: 11px">- Presence of homepage.HTML.vbs - 
            Presence of Batlle_Desnudo.JPG.vbs 
            Method Of Infection:This 
            script arrives as an e-mail attachment. Opening the attachment 
            infects your machine. Once infected, it tries to e-mail itself to 
            all recipients found in the Microsoft Outlook address book. 
            Note that when Outlook Express and Outlook98/2000 are both 
            installed (and with wsh support enabled) , if the user receives and 
            launches an infected .vbs file attachment while in Outlook Express, 
            the virus might still spread by sending itself silently to all 
            addresses using Outlook98/2000. So the virus might spread without 
            the user actually having Outlook98/2000 open. 
            Removal Instructions:Use 
            specified engine and DAT files for detection and removal. 
            Using File Filtering with WebShield SMTP for WindowsNT(not 
            applicable for Solaris):Within the Configuration console 
            select content filtering.Select Add.Add a Description for 
            the content filter rule such as VBSBlock.Select Filter on 
            Attachment File name.Filter on .vbsSelect OK. 
            AVERT Recommended Updates: 
            * <A target=_blank 
            href="http://office.microsoft.com/productupdates/default.aspx";>Office2000 
            Updates 
            * <A target=_blank 
            href="http://www.microsoft.com/technet/security/bulletin/ms99-032.asp";>scriptlet.typelib/Eyedog 
            vulnerability patch 
            * Outlook as an <A target=_blank 
            href="http://office.microsoft.com/downloads/2000/Out2ksec.aspx";>email 
            attachment security update 
            * Exchange 5.5 <A target=_blank 
            href="http://support.microsoft.com/support/kb/articles/Q248/8/38.asp";>post 
            SP3 Information Store Patch 5.5.2652.42 - this patch corrects 
            detection issues with GroupShield 
            For a list of attachments blocked by the Outlook patch and a 
            general FAQ, <A target=_blank 
            href="http://office.microsoft.com/assistance/2000/Out2ksecFAQ.aspx";>visit 
            this link. Additionally, Network Administrators can 
            configure this update using an available tool - visit <A 
            target=_blank 
            href="http://support.microsoft.com/support/kb/articles/Q263/2/97.asp";>this 
            link for more information. 
            
            Virus Information:
            
              
              
                
              
                Discovery 
                  Date:  
                5/9/01
              
                <TD vAlign=top align=right 
                  width="50%">Origin:  
                Unknown 
              
                <TD vAlign=top align=right 
                  width="50%">Length:  
                Varies 
              
                <TD vAlign=top align=right 
                width="50%">Type:  
                Virus
              
                <TD vAlign=top align=right 
                  width="50%">SubType:  
                VBScript worm
              
                Risk 
                  Assessment:  
                Medium
            AliasesHome Page., HomePage., I-Worm.Homepage (AVP), 
            VBS.VBSWG2.D@xx (NAV), VBS.VBSWG2.Y@xx (NAV), VBS/VBSWG-X (Sophos), 
            VBS_HomePage.A (Trend), VBSWG.X (CA, Panda) , VBSWG.X@xx (F-Secure) 
            
            
          
<BLOCKQUOTE 
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  ----- Original Message ----- 
  <DIV 
  style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black">From: 
  CRLeBeau@xxxxxxx 
  
  To: <A title=realtraders@xxxxxxxxxxxxxxx 
  href="mailto:realtraders@xxxxxxxxxxxxxxx";>realtraders@xxxxxxxxxxxxxxx 
  
  Sent: Friday, June 01, 2001 3:47 PM
  Subject: [RT] Virus alert - help needed 
  
  I am sending this 
  message from my laptop so no virus attached. A few minutes ago my 
  desktop computer was infected by an e-mail virus known as " "<A 
  href="mailto:VBS/SST.gen@xx";>VBS/SST.gen@xx virus" it is contained in a 
  file  "homepage.HTML.vbs" and it is commonly known as the 
  "HomepageVirus".  The virus has already sent a message to everyone in 
  my address book telling them to "Check out this homepage.  Pretty 
  cool!" and I have unknowingly infected many friends and associates. 
  I have been paying money to McAfee Online for a supposed state of the 
  art virus protection product that is updated almost every day but somehow 
  this virus slipped by.  Very disappointing.  This is the first 
  time I have been infected with any virus because I am very careful. 
   I was able to get the info above only after I found out I was 
  infected and had already sent the virus to everyone else in my desktop 
  address book. Any info about what else this virus might do to my 
  computer and how to get rid of it would be appreciated.  I am not a 
  computer wizard so even the most basic advice would be helpful. 
  Fortunately I monitor this realtraders list from my laptop which has 
  not been infected. Chuck LeBeau To 
  unsubscribe from this group, send an email 
  to:realtraders-unsubscribe@xxxxxxxxxxxxxxxYour 
  use of Yahoo! Groups is subject to the <A 
  href="http://docs.yahoo.com/info/terms/";>Yahoo! Terms of Service. 







Yahoo! Groups Sponsor












To unsubscribe from this group, send an email to:
realtraders-unsubscribe@xxxxxxxxxxxxxxx





Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.



Attachment: Description: ""

Attachment: Description: ""

Attachment: Description: ""

Attachment: Description: ""

Attachment: Description: ""

Attachment: Description: ""

Attachment: Description: ""