Metromedia Fiber Network Information Security Directorate Security Operations Center Virus Alert: MCA2001-9 September 24, 2001 Name: TROJ_VOTE.A Aliases: TROJ_VOTE.A; WTC.EXE Affected Systems: All systems running Microsoft Outlook Bottom Line Up Front: TROJ_VOTE.A is a highly destructive new virus which is currently spreading in-the-wild (discovered at 2:30 P.M., September 24, 2001). This destructive Trojan was created using Visual Basic 5. It propagates via Microsoft Outlook by sending emails to addresses listed in an infected user's address book. It arrives in an email with the following: Subject: FW: Peace between America and Islam Message Body: Hi Is it a war against America or Islam. Lets Vote to live in peace. Attachment: WTC.EXE TROJ_VOTE.A deletes certain antiviral files, adds the file Zacker.vbs to the local hard drive, modifies the infected user's Internet Explorer startup page, and formats the infected user's drive c:\. Technical Recommendation: This is a new virus and fixes do not yet exist. If you receive an email with the above subject line or with an attachment WTC.EXE, DO NOT OPEN THEM. MFN e-mail users should always be cautious when opening e-mail attachments. Review email attachment names prior to opening. If the email is from someone you don't recognize or responding to a question you did not ask, do not open the email directly. Users are further reminded to ensure virus protection on personal computers is current. ================================================ Travis Email: Bonkat_private | Bonkat_private ================================================ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 14:12:23 PDT