From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Mon, 24 Sep 2001 21:20:24 -0700 (PDT)
Subject: [iwar] [fc:New.virus.deletes.files.claims.to.be.vote.on.terrorism.issues]

Metromedia Fiber Network Information Security Directorate
Security Operations Center

Virus Alert: MCA2001-9
September 24, 2001

Name: TROJ_VOTE.A
Aliases: TROJ_VOTE.A; WTC.EXE
Affected Systems: All systems running Microsoft Outlook

Bottom Line Up Front:

TROJ_VOTE.A is a highly destructive new virus which is currently spreading in-the-wild (discovered at 2:30 P.M., September 24, 2001). This destructive Trojan was created using Visual Basic 5. It propagates via Microsoft Outlook by sending emails to addresses listed in an infected user's address book. It arrives in an email with the following:

    Subject: FW: Peace between America and Islam
    Message Body: Hi Is it a war against America or Islam. Lets Vote to live in peace.
    Attachment: WTC.EXE

TROJ_VOTE.A deletes certain antiviral files, adds the file Zacker.vbs to the local hard drive, modifies the infected user's Internet Explorer startup page, and formats the infected user's drive c:\.

Technical Recommendation:

This is a new virus and fixes do not yet exist. If you receive an email with the above subject line or with an attachment WTC.EXE, DO NOT OPEN THEM. MFN e-mail users should always be cautious when opening e-mail attachments. Review email attachment names prior to opening. If the email is from someone you don't recognize or responding to a question you did not ask, do not open the email directly. Users are further reminded to ensure virus protection on personal computers is current.

Although it's just been discovered today, both Symantec and Trend have updated definitions for it. I checked Symantec's, McAfee's and Trend's sites for the information.

For Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32vote.a@mm.htm

Trend: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_VOTE.A
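A mail-gateway style check for the two indicators the alert gives (the subject line and the WTC.EXE attachment name), added here as an example and not part of the original alert. The function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the alert text above, lower-cased for comparison.
ALERT_SUBJECT = "fw: peace between america and islam"
ALERT_ATTACHMENT = "wtc.exe"


def match_indicators(raw_bytes):
    """Return the alert indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-words; collapse folded
    # whitespace so a wrapped Subject header still matches.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    # Substring match so "Re:" or "Fwd:" prefixes do not hide the subject.
    if ALERT_SUBJECT in subject:
        hits.append("subject")
    # walk() also descends into nested multipart and message/rfc822 parts.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() == ALERT_ATTACHMENT:
            hits.append("attachment")
            break
    return hits


def build_sample(subject, filename):
    """Constructed sample message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Hi")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    suspect = build_sample("FW: Peace between America and Islam", "WTC.EXE")
    benign = build_sample("Quarterly report", "report.pdf")
    print(match_indicators(suspect), match_indicators(benign))
```

A message that matches either indicator is a candidate for quarantine; matching on the name alone is only as durable as the sender's choice of subject and file name.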
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:49 PDT