VIRUS ALERT 3/6/01 - Norton Level 3, McAfee Risk As sessment Hi

OK OK OK. How many times are you going to let everyone know?

Are you still recovering from your hosting duties.......it is
showing.....<grin>

Rick

-----Original Message-----
From: Katharine Barry [mailto:kbarry@...]
Sent: Wednesday, March 07, 2001 12:46 AM
To: Vantage @ Yahoo Groups; Vista egroup
Subject: [Vantage] VIRUS ALERT 3/6/01 - Norton Level 3, McAfee Risk
Assessment High
Importance: High


Both Norton and McAfee have virus definitions released 3/6/01 that will
catch this.

W32.Naked@mm is a mass mailing worm that disguises itself as flash movie.
The attachment is named NakedWife.exe. This worm, after it has attempted to
email everyone in the Microsoft Outlook address book, will attempt to delete
several system files. This will leave the system unusable, requiring a
re-install.

NOTE: This worm was previously detected as W32.HLLW.JibJab@mm.

Technical description:

When first executed, W32.Naked@mm displays a window that appears to be
loading a Flash movie. The window will display the words "JibJab." If you
click the "Help > About Windows" menu, the following message will be
displayed:

You're are now F***ED. (c) 2001 by BGK (Bill Gates Killer)

In the background, while the flash movie is "loading", this worm attempts to
send itself to everyone in the Microsoft Outlook address book. The message
that this worm sends is as follows:

Subject:

Naked Wife

Message:

My wife never look like that! ;-)
Best Regards,
[UserName]

where [UserName] is the user name that was used when registering Microsoft
Outlook.

After the worm has attempted to mass-mail itself, it will attempt to delete
all files from the \Windows and \Windows\System folders that have any of the
following extensions:

.ini
.log
.dll
.exe
.com
.bmp

If this payload is executed, the only way to get the system back to an
operational state is to reinstall it.

SARC has also received several corrupted samples. The corrupted variant of
this worm will be detected as W32.Naked.dam. The corrupted variant cannot
cause any damage to the system. However, if found, it should be deleted.

To remove this worm:

1. Run LiveUpdate to make sure that you have the most recent virus
definitions.
2. Start Norton AntiVirus (NAV), and then run a full system scan, making
sure that NAV is set to scan all files.
3. Delete any files detected as W32.Naked@mm or W32.Naked.dam.

If the worm has been executed, it is very likely that you will have to
reinstall Windows.

Katharine Barry
Barry Consulting Group
Epicor Authorized Partner
98 Main Street, # 353
Tiburon CA 94920
Phone 877.977.3400, Fax 415.789.9425
Email: kbarry@...
http://www.barryconsulting.com

This email message is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message.






Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/