RE: CRIME W32.Aliz.Worm

From: Kuo, Jimmy (Jimmy_Kuo@private)
Date: Mon Nov 26 2001 - 16:40:00 PST

  • Next message: Andrew Plato: "RE: CRIME Kudos to Acting Police Chief Andrew Kirkland"

    Note detection for Aliz has been in both NAV and Scan since May.
    
    Detection for Badtrans.B, Scan's 4168 DATs or later are able to detect it.
    (That's a month ago.)  NAV needs an update.
    
    Jimmy
    
    -----Original Message-----
    From: Scott Elam
    To: crime@private
    Sent: 11/26/01 3:33 PM
    Subject: CRIME W32.Aliz.Worm
    
    The above worm has also just been upgraded to a 4 (out of 5) by Symantec
    (sorry Jimmy).  Have your employees update their virus definitions if
    they don't normally do it daily.  Aliz is a very simple worm but uses
    the Outlook MIME bug that allows your PC to be automatically exploited.
    
       http://www.sarc.com/
    
    Scott
    --
    Scott.Elam@private
    Sun Microsystems / Network Security Group / Computer Emergency Response
    Team
    
    
    -------- Original Message --------
    Subject: CRIME W32.Badtrans.B@mm
    Date: Mon, 26 Nov 2001 11:36:49 -0800
    From: "T. Sugahara" <sugahara@private>
    To: <crime@private>
    
    If you haven't already heard:  W32.Badtrans.B@mm is a MAPI worm that
    emails
    itself out as one of several different file names. This worm also drops
    a
    backdoor trojan that logs keystrokes. It's current distribution is
    extremely
    high.  I have received over 50 e-mails with the worm.  Please secure
    your
    networks against .pif's and .scr's if you haven't already.  Apologies if
    this is a repeat.
    
    T. Kenji Sugahara
    Chief Operations Officer
    Counterclaim
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:33:13 PDT