[Full-Disclosure] 9/11 virus

From: Bassett, Mark (mbassett_at_omaha.com)
Date: 09/10/03

  • Next message: titus_at_hush.com: "[Full-Disclosure] HTA/<object> vulnerability" 
    To: <full-disclosure@lists.netsys.com>
Date: Wed, 10 Sep 2003 09:06:48 -0500

    Here we go again.. :P

    http://www.nwfusion.com/news/2003/0904firstofpe.html

    By Dan Verton
    Computerworld
    09/04/03

    Antivirus researchers late Wednesday discovered what is being described
    as the first of potentially many "9/11" anniversary viruses spreading on
    the Internet.

    While it's too early to tell what, if any, damage the new virus is
    causing, Eric Kwon, president and CEO of San Jose-based Hauri Inc., the
    company that discovered the virus, said its impact seems to be similar
    to that caused by the recent outbreak of the Sobig worm, which
    overloaded e-mail servers with large volumes of spam.

    The 9/11 virus contains the headline "It's Near 911" or a similar
    variation, as well as an attachment labeled "911.jpg." Users should not
    open the e-mail or the attached file.

    "Like previous worm viruses, the 9/11 virus collects e-mail lists from
    Microsoft Outlook in order to spread more rapidly, using the provocative
    headline about 9/11 to get the unsuspecting user to open the e-mail,"
    said Kwon. "In this case, there also appears to be an intention of
    causing fear, as well as a possible political motivation."

    Many virus experts have been expecting an outbreak of some kind of
    specific 9/11 virus or worm, and this may be just the first of many to
    appear in the wild during the next two weeks, added Kwon.

    Antivirus company Symantec Corp. also identified the virus, which it
    called W32.Neroma@mm, on its Web site, saying it is a "mass-mailing worm
    that attempts to use Microsoft Outlook to e-mail itself to all the
    contacts in the Windows Address Book."

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: titus_at_hush.com: "[Full-Disclosure] HTA/<object> vulnerability"

    Relevant Pages

    • Re: Watch out for this
      ... The 'swen' worm and its effects, ... there is not much you can do to stop the flood. ... e-mail for virus infection. ... You can use a remote virus scan from one of the antivirus program ...
      (microsoft.public.security.virus)
    • Re: I ran the exe file !!!!
      ... point before the virus infection. ... For the moment you should simply stick with MS windows Updates. ... What You Should Know About the Swen Worm ... you have Windows ME or Windows XP, you could run the System Restore ...
      (microsoft.public.security.virus)
    • Windowx 200x/XP virus proof document released
      ... i was asking people to send me virus and worms to my ... Who never downloaded the last remove tool for a last worm or virus ... administrative permission to make system changes. ... 3- Keep FULL CONTROL only to SYSTEM, ADMINISTRATORS and CREATOR OWNER. ...
      (microsoft.public.scripting.virus.discussion)
    • Windowx 200x/XP virus proof document released
      ... i was asking people to send me virus and worms to my ... Who never downloaded the last remove tool for a last worm or virus ... administrative permission to make system changes. ... 3- Keep FULL CONTROL only to SYSTEM, ADMINISTRATORS and CREATOR OWNER. ...
      (microsoft.public.security.virus)
    • Re: W32.DonkeyPunch@xxx VIRUS WARNING
      ... Farawaystan where it has virtually eliminated all donkeys. ... before this horrible virus is signalled in their country. ... | W32.DonkeyPunch@xxx is an extremely damaging worm. ... | to send itself to all contacts in your Micro$oft Outlook address book. ...
      (comp.security.misc)