Re: [iwar] [fc:New.virus.deletes.files.claims.to.be.vote.on.terrorism.issues]

From: Tony Bartoletti (azb@llnl.gov)
Date: 2001-09-25 17:02:33


Return-Path: <sentto-279987-2358-1001462496-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 25 Sep 2001 17:03:10 -0700 (PDT)
Received: (qmail 9572 invoked by uid 510); 26 Sep 2001 00:01:56 -0000
Received: from n17.groups.yahoo.com (216.115.96.67) by 204.181.12.215 with SMTP; 26 Sep 2001 00:01:56 -0000
X-eGroups-Return: sentto-279987-2358-1001462496-fc=all.net@returns.onelist.com
Received: from [10.1.4.54] by mq.egroups.com with NNFMP; 26 Sep 2001 00:01:37 -0000
X-Sender: azb@llnl.gov
X-Apparently-To: iwar@yahoogroups.com
Received: (EGP: mail-7_3_2_2); 26 Sep 2001 00:01:36 -0000
Received: (qmail 93740 invoked from network); 26 Sep 2001 00:01:34 -0000
Received: from unknown (10.1.10.142) by l8.egroups.com with QMQP; 26 Sep 2001 00:01:34 -0000
Received: from unknown (HELO smtp-2.llnl.gov) (128.115.250.82) by mta3 with SMTP; 26 Sep 2001 00:01:34 -0000
Received: from poptop.llnl.gov (localhost [127.0.0.1]) by smtp-2.llnl.gov (8.9.3/8.9.3/LLNL-gateway-1.0) with ESMTP id RAA02735 for <iwar@yahoogroups.com>; Tue, 25 Sep 2001 17:01:32 -0700 (PDT)
Received: from catalyst.llnl.gov (catalyst.llnl.gov [128.115.222.68]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with ESMTP id RAA07871 for <iwar@yahoogroups.com>; Tue, 25 Sep 2001 17:01:33 -0700 (PDT)
Message-Id: <4.3.2.7.2.20010925165937.00b87520@poptop.llnl.gov>
X-Sender: e048786@poptop.llnl.gov
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
To: iwar@yahoogroups.com
In-Reply-To: <200109250420.VAA15678@big.all.net>
From: Tony Bartoletti <azb@llnl.gov>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 25 Sep 2001 17:02:33 -0700
Reply-To: iwar@yahoogroups.com
Subject: Re: [iwar] [fc:New.virus.deletes.files.claims.to.be.vote.on.terrorism.issues]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit


>
>TROJ_VOTE.A deletes certain antiviral files, adds the file Zacker.vbs to
>the local hard drive, modifies the infected user's Internet Explorer
>startup page, and formats the infected user's drive c:\.

That is a peculiar and self-defeating set of activities - add files, then 
destroy them with a drive format.

Perhaps the perp, if caught, is hoping to invoke an insanity defense.

____tony____



Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900





------------------------ Yahoo! Groups Sponsor ---------------------~-->
Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more!
http://us.click.yahoo.com/XrFcOC/m5_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:49 PDT