From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Tue, 23 Oct 2001 08:21:56 -0700 (PDT)
Subject: [iwar] [fc:Worm.Goes.for.Mass.Mailings]

Worm Goes for Mass Mailings
The Virginian-Pilot and The Ledger-Star, 10/23/2001
<http://www.antionline.com/showthread.php?threadid=121403>

With a long list of largely obscene subject lines, this e-mail worm is a mass-mailing machine, but does little else to the computer's hard drive. Like countless others, it multiplies through Microsoft Outlook.

Name: W32.Redesi(AT)mm
Risk Level: Low
Aliases: Dark Machine, W32.Redesi(AT)mm, W32/Redesi.gen(AT)MM, W32/Ucon(AT)MM
Type: VBScript worm (A virus that usually replicates using computer networks, such as via email, and is written in Visual Basic Script).

Purpose: This is a mass-mailing worm which sends itself to all users found in the Microsoft Outlook Address book. When the attachment is opened, it pops up a fake gray error box that reads "C:Rede.exe is not a valid Win32 application." The worm copies itself to the root of the "C" drive with the following names: "c:Common.exe," "c:disk.exe," "c:Rede.exe," "c:Si.exe" and "c:UserConf.exe" and sends itself to everyone in the Address Book.

Precautions and fixes: Download your antivirus program's latest update. Run a full system scan. Delete any files named "W32.Redesi(AT)mm."

Note: Here are sample subject lines from these e-mails:
Scientists have found traces of the HIV virus in cow's milk...here is the proof -- Will
Yay. I caught a fish -- Si
I want to live in a wooden house -- Arwel

The body text will read "heh. I tell ya this is nuts ! You gotta check it out !"

Sources: McAfee AVERT Research Center; Symantec.
(C) 2001 The Virginian-Pilot and The Ledger-Star, Norfolk, VA. via ProQuest Information and Learning Company; All Rights Reserved
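Added example, not part of the original message or the article: a Python triage check built from the indicators the article lists (the five copy names in the root of the C drive and the quoted body text). Flagging any .exe attachment, the function names, and the sample message are assumptions made for this illustration.

```python
import email
from email import policy

# Indicators quoted in the article above (base names of the dropped copies).
DROPPED_NAMES = {"common.exe", "disk.exe", "rede.exe", "si.exe", "userconf.exe"}
BODY_MARKER = "heh. i tell ya this is nuts ! you gotta check it out !"

def _norm(text):
    """Lower-case and collapse whitespace so line wrapping cannot hide a match."""
    return " ".join(text.lower().split())

def dropped_copies(root_listing):
    """Return entries of a drive-root listing that match the worm's copy names."""
    return sorted(n for n in root_listing if n.lower() in DROPPED_NAMES)

def score_message(raw):
    """Return the indicators matched by one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        fname = part.get_filename()
        if fname:
            # Assumption: any executable attachment is worth flagging.
            if fname.lower().endswith(".exe"):
                hits.append("exe-attachment:" + fname)
        elif part.get_content_type() == "text/plain":
            if BODY_MARKER in _norm(part.get_content()):
                hits.append("body-text")
    return hits

# Constructed sample message (not captured traffic); attachment name is assumed.
SAMPLE = "\n".join([
    "From: sender@example.test", "Subject: constructed sample",
    "MIME-Version: 1.0", 'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain; charset=us-ascii", "",
    "heh. I tell ya this is nuts !", "You gotta check it out !",
    "--b1", "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="Si.exe"',
    "Content-Transfer-Encoding: base64", "", "AAAA", "--b1--", "",
])

if __name__ == "__main__":
    print(score_message(SAMPLE))
    print(dropped_copies(["AUTOEXEC.BAT", "Rede.exe", "disk.exe", "WINDOWS"]))
```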
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST