Date: Tue, 19 Mar 2002 10:05:56 -0800
Reply-To: Walter Evens <wrevens@MYEXCEL.COM>
Sender: Vanagon Mailing List <vanagon@gerry.vanagon.com>
From: Walter Evens <wrevens@MYEXCEL.COM>
Subject: Fw: [FreedomTeam] Fw: Virus Alert
Content-Type: text/plain; charset="iso-8859-1"
FYI VANGONEERS.
Walter Evens
Hesperia, CA, USA
2-85GLs
----- Original Message -----
From: Vic Black
To: FreedomTeam
Sent: Tuesday, March 19, 2002 6:00 AM
Subject: [FreedomTeam] Fw: Virus Alert
fyi
VIC BLACK
----- Original Message -----
From: wildcat10
To: donvicenzo@myexcel.com ; kristi_cantu@dell.com
Sent: Monday, March 18, 2002 4:24 PM
Subject: Fw: Virus Alert
_______________________________________________________________
Get your own FREE email account at iVillage.com!
http://webmail.ivillage.com/
<-----Original Message----->
From: virenp@mail.utexas.edu
Sent: 3/14/2002 7:32:02 PM
To: $CMLECT@utxdp.dp.utexas.edu
Subject: Virus Alert
To: $cmprof@utxdp.dp.utexas.edu, $cmlect@utxdp.dp.utexas.edu,
$cmpdoc@utxdp.dp.utexas.edu, $cmgrad@utxdp.dp.utexas.edu
The following is a notice of a new virus making the rounds. This one is
especially interesting because it masquerades as a Microsoft Security
Patch. Please note that Microsoft does not send executables via email.
Please do not open any email with such attachments. Also take the
necessary precautions such as making sure your virus scanner signatures
and operating systems are up-to-date. If you suspect that your computer
has been infected and need help, please call 1-2667 or send email to
macpc@mail.cm.utexas.edu. Thanks.
----
W32/Gibe@MM is a mass-mailing worm that is making an increasing nuisance
of itself. The worm masquerades as a Microsoft Security Update. When the
naive user opens the attachment (Q216309.EXE), the worm installs itself,
drops a backdoor program, and propagates itself using Microsoft Outlook
and an internal SMTP engine.
Email addresses for the next set of victims are downloaded from
Internet-based directories and written to 02_N802.DAT. Addresses found
in the Outlook address book and local Web pages are also used. The worm
also attempts to copy itself to all mapped drives including remote
volumes.
The backdoor Trojan, GFXACC.EXE, exposes the infected computer to the
risk of remote control by attackers.
Everyone should be aware that Microsoft never sends software through
email.
http://www.microsoft.com/technet/security/policy/swdist.asp
--
Platform
--
Windows
--
Detection
--
Presence of BCTOOL.EXE, WINNETW.EXE, Q216309.EXE, VTNMSCCD.DLL,
GFXACC.EXE, and 02_N803.DAT in the Windows directory.
Open port 12378
--
Viren Patel, Ph.D. Phone: (512) 471-1031
Chemistry & Biochemistry Fax: (512) 471-6835
Welch Hall 3.428
The University of Texas at Austin, Austin, Texas 78712-1167
Yahoo! Groups Sponsor
ADVERTISEMENT
Subscribe: Freedom4EverTeam-subscribe@yahoogroups.com
Unsubscribe: Freedom4EverTeam-unsubscribe@yahoogroups.com
URL to this page: http://groups.yahoo.com/group/Freedom4EverTeam/
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.