Archived posting to the Leica Users Group, 2002/01/29
This one started making the rounds yesterday, particularly in Europe. It appears to be not too destructive, but I would still delete anything that has "party pics" as a subject line. I don't think there is a virus definition available for it yet.

At 09:27 AM 1/29/02 -0500, you wrote:
>I received three postings today with this subject line.
>This is not a hoax. See below.
>
>Happy snaps,
>Steven Alexander
>
>-----Original Message-----
>From: McHugh Robert J Contr ESC/GAR
>Sent: Tuesday, January 29, 2002 8:31 AM
>To: ESC/GA Personnel List
>Subject: Virus Heads up
>
>For your information and future email safety...
>As always, give me a call if you have questions,
>Rob
>
>NOTE: Spaces were added to file name extensions to avoid content filtering
>of this report.
>SUMMARY: A new worm known as W32/Myparty@MM has been detected in the wild.
>The Air Force has no reports of infections by this worm at any Air Force
>bases. Symantec has released the 0127 definitions. This worm will be covered
>under McAfee's DAT file 4184 but is already covered under an "extra.dat"
>file on an interim basis.
>DETAILS: This mass-mailing worm arrives in an email message containing the
>following information:
>Subject: new photos from my party!
>
>Body: Hello!
>My party... It was absolutely amazing!
>I have attached my web page with new photos!
>If you can please make color prints of my photos. Thanks!
>
>Attachment: www.myparty.yahoo.com (29,696 byte PE file)
>Running the attachment infects the local machine. The virus copies itself to
>C:\Recycled\regctrl.exe and executes that file. The user's default SMTP
>server is retrieved from the registry.
>HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager
>\Accounts\00000001
>The virus uses this SMTP server to send itself out to all addresses found in
>the Windows Address Book and addresses found within .DBX files.
>See LINKS for vendor details.
>SOLUTION:
>Update to Symantec's latest antivirus Signature, 0127, and to McAfee's
>EXTRA.DAT. See AFCERT's ftp site for EXTRA.DAT files and AFCERT web page for
>definition and/or DAT files at URLs in LINKS section below. At the
>perimeter of your network, ensure email attachments with "c o m" extensions
>are stripped at your gateway, firewall or mail server. Recommendations on
>configuring NAV Exchange, Firewall, or Gateway to block files based on file
>attachment names are listed in Symantec's document "How to block email-based
>viruses using Symantec's Virus Protection for Gateways, Firewalls, and
>Groupware", see LINKS below.
>LINKS:
>https://afcertmil.lackland.af.mil/afcert/virus/symantecknowledge.html
>https://afcertmil.lackland.af.mil/afcert/virus/symantec_soft.html
>ftp://afcert.kelly.af.mil/pub/antivirus/NAV/signatures/
>http://vil.nai.com/vil/content/v_99332.htm
>ftp://afcert.kelly.af.mil/pub/antivirus/McAfee/Dats/extradat/
>
>--
>To unsubscribe, see http://mejac.palo-alto.ca.us/leica-users/unsub.html

Jeffery Smith
New Orleans, LA
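
The gateway check recommended in the forwarded advisory, sketched as an added example that is not part of the original posting or of any vendor product. It goes slightly beyond the advisory: the extension list other than "com", the executable-header check, and all function names are assumptions made for illustration, and the sample message is constructed with inert placeholder bytes.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed gateway policy list; the advisory itself names only "com".
BLOCKED_EXTS = {"com", "exe", "pif", "scr", "bat"}

def risky_attachments(raw_bytes):
    """Return (filename, reason) pairs for attachments a gateway should strip."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and containers carry no filename
        # Windows ignores trailing dots and spaces, so drop them before matching.
        cleaned = name.strip().rstrip(". ").lower()
        ext = cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTS:
            reason = "blocked extension ." + ext
            if cleaned.startswith("www."):
                reason += " (name imitates a web address)"
            findings.append((name, reason))
        elif payload[:2] == b"MZ":
            # DOS/PE executables start with "MZ" whatever the file is called.
            findings.append((name, "executable header under a harmless-looking name"))
    return findings

def build_sample():
    """Constructed test message; attachment bytes are inert placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "rcpt@example.invalid"
    m["Subject"] = "new photos from my party!"
    m.set_content("Hello!")
    stub = b"MZ" + b"\x00" * 62
    m.add_attachment(stub, maintype="application", subtype="octet-stream",
                     filename="www.myparty.yahoo.com")
    m.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16, maintype="image",
                     subtype="jpeg", filename="photo.jpg")
    m.add_attachment(stub, maintype="image", subtype="jpeg",
                     filename="holiday.jpg")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"STRIP {name}: {reason}")
```

The attachment name in the advisory ends in "com" precisely so that it reads as a web address, which is why the check looks at the final extension rather than the overall shape of the name.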