VANAGON archives -- March 2002, week 3 (#400)

Date: Tue, 19 Mar 2002 10:05:56 -0800 Reply-To: Walter Evens <wrevens@MYEXCEL.COM> Sender: Vanagon Mailing List <vanagon@gerry.vanagon.com> From: Walter Evens <wrevens@MYEXCEL.COM> Subject: Fw: [FreedomTeam] Fw: Virus Alert Content-Type: text/plain; charset="iso-8859-1"

FYI VANGONEERS.

Walter Evens Hesperia, CA, USA 2-85GLs

----- Original Message ----- From: Vic Black To: FreedomTeam Sent: Tuesday, March 19, 2002 6:00 AM Subject: [FreedomTeam] Fw: Virus Alert

fyi VIC BLACK

----- Original Message ----- From: wildcat10 To: donvicenzo@myexcel.com ; kristi_cantu@dell.com Sent: Monday, March 18, 2002 4:24 PM Subject: Fw: Virus Alert

_______________________________________________________________ Get your own FREE email account at iVillage.com! http://webmail.ivillage.com/

<-----Original Message----->

From: virenp@mail.utexas.edu Sent: 3/14/2002 7:32:02 PM To: $CMLECT@utxdp.dp.utexas.edu Subject: Virus Alert

To: $cmprof@utxdp.dp.utexas.edu, $cmlect@utxdp.dp.utexas.edu, $cmpdoc@utxdp.dp.utexas.edu, $cmgrad@utxdp.dp.utexas.edu

The following is a notice of a new virus making the rounds. This one is especially interesting because it masquerades as a Microsoft Security Patch. Please note that Microsoft does not send executables via email. Please do not open any email with such attachments. Also take the necessary precautions such as making sure your virus scanner signatures and operating systems are up-to-date. If you suspect that your computer has been infected and need help, please call 1-2667 or send email to macpc@mail.cm.utexas.edu. Thanks.

---- W32/Gibe@MM is a mass-mailing worm that is making an increasing nuisance of itself. The worm masquerades as a Microsoft Security Update. When the naive user opens the attachment (Q216309.EXE), the worm installs itself, drops a backdoor program, and propagates itself using Microsoft Outlook and an internal SMTP engine.

Email addresses for the next set of victims are downloaded from Internet-based directories and written to 02_N802.DAT. Addresses found in the Outlook address book and local Web pages are also used. The worm also attempts to copy itself to all mapped drives including remote volumes.

The backdoor Trojan, GFXACC.EXE, exposes the infected computer to the risk of remote control by attackers.

Everyone should be aware that Microsoft never sends software through email.

http://www.microsoft.com/technet/security/policy/swdist.asp

-- Platform -- Windows

-- Detection -- Presence of BCTOOL.EXE, WINNETW.EXE, Q216309.EXE, VTNMSCCD.DLL, GFXACC.EXE, and 02_N803.DAT in the Windows directory.

Open port 12378

-- Viren Patel, Ph.D. Phone: (512) 471-1031 Chemistry & Biochemistry Fax: (512) 471-6835 Welch Hall 3.428 The University of Texas at Austin, Austin, Texas 78712-1167 Yahoo! Groups Sponsor ADVERTISEMENT

Subscribe: Freedom4EverTeam-subscribe@yahoogroups.com Unsubscribe: Freedom4EverTeam-unsubscribe@yahoogroups.com URL to this page: http://groups.yahoo.com/group/Freedom4EverTeam/

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.

Back to: Top of message | Previous page | Main VANAGON page

Please note - During the past 17 years of operation, several gigabytes of Vanagon mail messages have been archived. Searching the entire collection will take up to five minutes to complete. Please be patient!

Return to the archives @ gerry.vanagon.com

The vanagon mailing list archives are copyright (c) 1994-2011, and may not be reproduced without the express written permission of the list administrators. Posting messages to this mailing list grants a license to the mailing list administrators to reproduce the message in a compilation, either printed or electronic. All compilations will be not-for-profit, with any excess proceeds going to the Vanagon mailing list.

Any profits from list compilations go exclusively towards the management and operation of the Vanagon mailing list and vanagon mailing list web site.