Return-Path: <sentto-279987-2328-1001392104-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 24 Sep 2001 21:30:12 -0700 (PDT)
Received: (qmail 3165 invoked by uid 510); 25 Sep 2001 04:29:45 -0000
Received: from n15.groups.yahoo.com (216.115.96.65) by 204.181.12.215 with SMTP; 25 Sep 2001 04:29:45 -0000
X-eGroups-Return: sentto-279987-2328-1001392104-fc=all.net@returns.onelist.com
Received: from [10.1.1.220] by ml.egroups.com with NNFMP; 25 Sep 2001 04:29:24 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_3_2_2); 25 Sep 2001 04:28:24 -0000
Received: (qmail 25847 invoked from network); 25 Sep 2001 04:28:24 -0000
Received: from unknown (10.1.10.26) by 10.1.1.220 with QMQP; 25 Sep 2001 04:28:24 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 25 Sep 2001 04:29:24 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id VAA15987 for iwar@onelist.com; Mon, 24 Sep 2001 21:29:24 -0700
Message-Id: <200109250429.VAA15987@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Mon, 24 Sep 2001 21:29:24 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Bottom.Line.Up.Front:.TROJ_VOTE.A.is.a.highly.destructive.new.virus]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
MetroMedia Fiber Network
Information Security Directorate
Security Operations Center
Virus Alert: MCA2001-9
September 24, 2001
Name: TROJ_VOTE.A
Aliases: TROJ_VOTE.A; WTC.EXE
Affected Systems: All systems running Microsoft Outlook
Bottom Line Up Front: TROJ_VOTE.A is a highly destructive new virus
which is currently spreading in-the-wild (discovered at 2:30 P.M.,
September 24, 2001). This destructive Trojan was created using Visual
Basic 5. It propagates via Microsoft Outlook by sending emails to
addresses listed in an infected user's address book. It arrives in an
email with the following:
Subject: FW: Peace between America and Islam
Message Body: Hi Is it a war against America or Islam. Lets Vote
to live in peace.
Attachment: WTC.EXE
TROJ_VOTE.A deletes certain antiviral files, adds the file Zacker.vbs to
the local hard drive, modifies the infected user's Internet Explorer
startup page, and formats the infected user's drive c:\.
Technical Recommendation: This is a new virus and fixes do not yet
exist. If you receive an email with the above subject line or with an
attachment WTC.EXE, DO NOT OPEN THEM. MFN e-mail users should always be
cautious when opening e-mail attachments. Review email attachment names
prior to opening.
If the email is from someone you don't recognize or responding to a
question you did not ask, do not open the email directly. Users are
further reminded to ensure virus protection on personal computers is
current.
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide!
http://us.click.yahoo.com/JNm9_D/33_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->
------------------
http://all.net/
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:49 PDT