NEW VIRUS - DON'T OPEN ATTACHMENTS

To: s*@egroups.com
Subject: [sibrob] NEW VIRUS - DON'T OPEN ATTACHMENTS
From: E* G*
Date: Fri, 19 May 2000 18:27:10 EDT
Friday May 19 01:00 PM EDT

New virus not spreading as fast as "Love"

By Paul Festa, CNET News.com

A new virus on the loose could make the "Love" bug pale by comparison but so 
far has not spread nearly as widely or as quickly.

Free Tech Help Antivirus firms are closely monitoring the new outbreak this 
morning and say so far only a handful of instances have been reported to 
them. But they caution that the virus has the potential to spread rapidly 
and cause even more damage than its recent predecessor.
"Everything on the computer is destroyed," said Vincent Weafer, director of 
Symantec's antivirus research center.

But this morning Weafer said "less than a dozen" corporations in Israel, 
Europe and the United States have reported infections to Symantec. "It's 
very much a wait-and-see at the moment," he said.
The FBI's National Infrastructure Protection Center this morning issued an 
alert on the virus and has dubbed it "NewLove.VBS."

***The NIPC has also opened an investigation into the matter, the posting 
said, and is warning people not to open any email attachments.

Perhaps even more disquieting than the destructive payload is the fact that 
the virus alters itself to sneak around traditional virus scanners.

This meaner, smarter bug comes on the heels of the so-called I Love You 
virus that wreaked havoc and caused billions of dollars in damage earlier 
this month. The new one threatens not only to overwrite files on victims' 
computers but to destroy data, programs and crucial operating software on 
them as well.

The viruses are not related to each other, according to Computer Associates.

While the potential effects of this new virus could be more crippling than 
the notorious Love bug, it has not spread as widely.
A San Francisco Bay Area firm whose 5,000 desktops received the virus got it 
from its office in Israel, according to Trend Micro. But the company 
cautioned against concluding from that fact that the virus originated in 
Israel.

Security analysts are waiting for more reports to trickle in from U.S. 
corporations hit by the new virus. But Trend Micro representatives said the 
bug's effects in the United States could remain limited.
"This virus is not going to break out like the Love virus did," said Dan 
Schrader, chief security analyst at Trend Micro.

Weafer said that although the number of affected companies is small, "it's 
not atypical for a worm to start with very low numbers and spread very 
rapidly."

"When we first saw the Explorer.zip virus, which started in Israel, there 
were two cases. Twenty-four hours later it had spread worldwide," he said.

Schrader said that people are more cautious about attachments sent to them 
via email. Because of the awareness generated by the I Love You virus, more 
email users may be deleting attachments. "Especially after the brouhaha with 
the Love virus, people are more cautious," Schrader said.

Like the Love bug, the new virus exploits features of Microsoft's Outlook 
email program to send itself to all contacts in the victim's address book. 
The virus is written as a VisualBasic attachment, which can be recognized by 
the suffix ".vbs."

Microsoft this week pledged to shore up Outlook with an upgrade meant to 
thwart the spread of viruses like the Love bug. Symantec said the upgrade 
would be effective against the new virus, but it has not yet been released.

The Love virus has seen a wide array of mutations--not an uncommon 
development among viruses--which Symantec numbered at around 30 so far. Some 
of the Love variations have been more destructive than the original, 
damaging system files in addition to the image and audio files targeted by 
their predecessor.

The new virus does not overwrite computer files; instead, it shrinks them 
down to nothing, targeting files on both local and network drives.

In addition, it imitates the behavior of biological viruses in making subtle 
alterations as it spreads.

The mutation occurs in three places. First, the virus changes the subject 
header of the email by selecting at random from various document files found 
on the victim's computer and adopting that file's name, preceded by "FW:."

Next, the virus renames itself with the same name, followed by ".vbs."
Finally, the virus inserts random text in the VBS script itself. This code 
does not alter the behavior of the virus but throws virus scanners off its 
scent.

Symantec said it was at work on a fix that would exclude those randomly 
generated comments in identifying the virus.
One possible avenue of attack for the antivirus crews is the fact that the 
new virus comes in an email with a blank body. A filter that scraps emails 
with "FW:" in the subject header and nothing in the body would be effective 
against the virus without filtering out a large number of legitimate 
attachments, Weafer said.

Symantec's Weafer stressed that, contrary to a Symantec press release and 
earlier published reports, the new virus is not a variant of the Love bug. 
Although the viruses share key characteristics, such as the reliance on 
Microsoft's Outlook address book and VBS scripting language, they do not 
share source code.



________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com


------------------------------------------------------------------------
72% off on Name brand Watches!
Come and buy today and get free shipping!
http://click.egroups.com/1/4011/5/_/496957/_/958775232/
------------------------------------------------------------------------
Prev by Date: planting deep
Next by Date: Bloom report - Minneapolis
Prev by thread: Re: Bloom report - Minneapolis
Next by thread: planting deep
Other Mailing lists | Author Index | Date Index | Subject Index | Thread Index