Re: CRIME FW: NIPC Watch Daily Report 20 December

From: Raan Young (
Date: Thu Dec 20 2001 - 16:27:47 PST

  • Next message: George Heuston: "CRIME FW: Advisory 01-030 "Universal Plug and Play Vulnerabilities""

    A correction --
    > General -  The W32.Reezak.A@mm worm, sent under guise of a holiday
    > greeting, has recently surfaced.  The worm enters a computer as an e-mail
    > message with the subject line "Happy New Year" and the attachment
    > "Christmas.exe," which a recipient may believe is a Christmas card.  The
    > worm propagates via Microsoft Outlook and Outlook Express to everyone in
    > the receiver's address book.  The worm can disable selective keys on the
    > infected computer's keyboard and delete all the files found in the Windows
    > System Directory, rendering the computer inoperable.
    The correct spelling for this virus is "Reeezak" (3 "e"s), in case anyone
    wants to check it out with their favorite AV vendors.
    And a warning about a significant security hole in Windows XP and possibly
    ME or 98 --
    If you have installed and/or enabled the Universal Plug and Play feature for
    Windows ME or 98, or are using Windows XP (which has the feature installed
    and enabled automatically) you need to install this patch if your system is
    connected to the internet -- especially if it is connected fulltime and
    without a good firewall.
    In a nutshell, this security hole allows anyone on the network to take
    control of your computer and remotely execute commands.  For more details
    and a patch that addresses this problem, go here:
    The patch links are at the bottom of this page.
    Raan Young

    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:37:49 PDT