[ISN] Zoher Worm Gives Unwelcome Christmas PC Present

From: InfoSec News (isnat_private)
Date: Wed Dec 26 2001 - 23:54:51 PST


    By Steve Gold, Newsbytes
    26 Dec 2001, 8:33 AM CST

    PC users returning to their machines after the Christmas break should
    take care to update their security software, after two antivirus firms
    issued warnings about the Zoher worm.

    F-Secure issued a level two security alert to users on its Radar
    security advisory service over the Christmas break. Level two is one
    of three alert levels. Level two means the virus is active in the wild
    and is technically sophisticated.

    In its advisory to customers, F-Secure says that the Zoher worm arrives
    in an e-mail with the subject line of "Scherzo!" and with a JavaScript
    attachment. The worm executes automatically on some systems.

    Russia's Kaspersky Lab issued a Christmas Day alert to customers about
    Zoher, which it says is 6.6 kilobytes in size and coded in assembler.

    The Moscow-based antivirus company adds that the message body is quite
    long and has been written in Italian. Kaspersky says that the code
    uses a similar approach to the Nimda worm - it can be activated from
    an infected e-mail when a user simply reads or previews a message.

    Kaspersky advises users not to open the infected e-mail more than once
    or else the worm will propagate itself from the user's PC.

    F-Secure's Web site is at http://www.f-secure.com .

    Kaspersky Lab's Web site is at http://www.kaspersky.com .
    ISN is currently hosted by Attrition.org