CRIME [Fwd: [C.r.i.m.e.-announce] FW: NIPC Alert 01-029]
From: Geo (geoneve@private)
Date: Tue Dec 04 2001 - 19:40:48 PST
attached mail follows:
-----Original Message-----
From: NIPC Watch
To: NIPC Watch
Sent: 12/4/01 4:56 PM
Subject: NIPC Alert 01-029
Importance: High
National Infrastructure Protection Center
"VBS/Mass-Mailing Worm, W32/Goner.A"
Alert 01-029
4 December 2001
The National Infrastructure Protection Center (NIPC) is tracking a new
mass-mailing worm called W32/Goner.A. This is a very fast-spreading
mass-mailing worm that appears to take advantage of Visual Basic
Scripting built into Microsoft Outlook and Outlook Express. Developing
information indicates that this worm mails itself to all the addresses
within the infected computer's Outlook or Outlook Express address book,
sets itself as a server process so it does not show up in the task
manager, and deletes the anti-virus definitions from many common
anti-virus products.
Recommended Actions:
Update virus definitions and ensure they include the signature for Goner
or request definition updates from your technical support personnel.
Most major anti-virus companies have provided new definition files for
this virus. If your definition file pre-dates 4 December 2001, it is
not current. Older definitions do not alert on this worm.
For individual users:
Consider deleting unexpected e-mail file attachments without opening
them and enabling browser and e-mail security settings. Exercise
particular caution with respect to e-mails that contain attachments that
end in .exe, .vbs, .bat, .scr, and .pif. These actions will help
protect you against this worm and other mass-mailing viruses in the
computer world today.
The anti-virus software industry is aware of Goner and is providing
signature files to download to detect and remove it from infected hosts.
Full descriptions and removal instructions are located at the
following anti-virus web sites:
F-Secure Corp.
http://www.f-secure.com/v-descs/goner.shtml
Network Associates Inc./McAfee.com
http://vil.mcafee.com/dispVirus.asp?virus_k=99272&
Symantec Corp.
http://www.symantec.com/avcenter/venc/data/w32.goner.a@private
Trend Micro Inc.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_GONE.A
As always, the NIPC encourages computer users to keep anti-virus and
systems software current by frequently checking vendor web sites for
updates, and routinely checking for alerts issued by the NIPC, CERT/CC,
and similar organizations.
The NIPC encourages recipients of this alert to report computer
intrusions to their local FBI office
http://www.fbi.gov/contact/fo/fo.htm or the NIPC, and to other
appropriate authorities. Recipients may report incidents online at
http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and
Warning Unit at (202) 323-3205, 1-888-585-9078 or nipc.watch@private
_______________________________________________
C.r.i.m.e.-announce mailing list
C.r.i.m.e.-announce@private
http://lists.whiteknighthackers.com/mailman/listinfo/c.r.i.m.e.-announce
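The attachment guidance in the alert above, written as a check a mail gateway or triage script could run. This is an added example, not part of the NIPC alert or the list post. The function names and the sample message are constructed for illustration, and treating a trailing dot or space as ignorable is an assumption about how Windows resolves such names.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the alert tells users to treat with particular caution.
RISKY_EXTENSIONS = {".exe", ".vbs", ".bat", ".scr", ".pif"}


def final_extension(filename: str) -> str:
    """Return the last extension, lower-cased, ignoring trailing dots/spaces."""
    # Assumption: the recipient's OS drops trailing dots and spaces, so
    # "setup.pif." would still be opened as a .pif file.
    cleaned = filename.strip().rstrip(". ").lower()
    if "." not in cleaned:
        return ""
    return "." + cleaned.rsplit(".", 1)[-1]


def risky_attachments(raw_message: bytes) -> list[str]:
    """List filenames of MIME parts whose final extension is on the list."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():  # walk() also descends into nested messages
        name = part.get_filename()
        if name and final_extension(name) in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged


def build_sample() -> bytes:
    """Constructed sample message; attachment bodies are inert placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    # Double extension, a harmless file, and a trailing-dot name.
    for fname in ("report.doc.SCR", "notes.txt", "setup.pif."):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    for name in risky_attachments(build_sample()):
        print("hold for review:", name)
```

Only the final extension is compared, so a name such as `report.doc.SCR` is flagged even though it looks like a document at first glance.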