>From: "Dean Ericksen" <dean@...>
>To: "ONENW List Managers" <listkeepers@...>
>Subject: Virus Warning - Do Not Open "Here you have, ;o)"
>Date: Mon, 12 Feb 2001 10:47:48 -0800
>X-MSMail-Priority: Normal
>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
>Importance: Normal
>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
>Sender: owner-listkeepers@...
>Reply-To: "Dean Ericksen" <dean@...>
>
>
>Good morning.
>
>A fast-moving virus is pouring through the internet, and it's critical that
>list subscribers exercise good judgment in not opening any message that
>contains the subject "Here you have, ;o)". The contained attachment,
>"AnnaKournikova.jpg.vbs" is a nasty little replicator that will re-mail
>itself automatically to your address book if opened.
>
>Just delete this message. Then, update your virus definitions. If you are
>currently not using anti-virus software, now is the ideal time to justify
>the purchase. Some useful links:
>
> Symantec Anti-Virus Research Center
> http://www.symantec.com/avcenter/
>
> McAfee Anti-Virus Center
> http://www.mcafee.com/anti-virus/
>
> Symantec Product Donation Information
> http://www.onenw.org/toolkit/donation.html
>
>ONE/Northwest's virus protection is doing a good job of sniping the virus as
>it hits our lists, but it's propagating so fast via personal mail that
>awareness should be high.
>
>ONE/Northwest maintains a good reference page on Virus prevention
>(http://www.onenw.org/toolkit/virus.html); here is an excerpt that you may
>find useful:
>
>+++++++++++++++++++++++++++
>
>*** 5 keys to preventing virus infection ***
>
>1. Use anti-virus software! Every computer in your organization should
>have up-to-date virus protection software that is regularly updated with new
>virus definitions. At ONE/Northwest we use Norton AntiVirus, one of the
>market-leading antivirus products. One of the best features of Norton
>AntiVirus is the fact that it can automatically update itself over the Web,
>with little need for regular human intervention. And Symantec, the makers
>of Norton AntiVirus, have an excellent product donation program. For
>donation information see our Web page on product donation information.
>
>2. Update your virus definitions at least every month! Your anti-virus
>software is only as good as the virus definitions it uses to catch them.
>Most anti-virus software can be configured to automatically update virus
>definitions or at least to schedule a reminder to do so manually. It is
>essential that you update virus definitions at least once a month on all the
>machines in your organization. If you're especially paranoid, update them
>once a week--and whenever there are credible news reports of new viruses.
>
>3. Be very careful of attachments. Many current viruses--including some
>extremely destructive ones--are spread via email attachments--often from
>people you know! (These viruses use folks' email address books to spread
>themselves.) You should never open an unexpected attachment, even from
>someone you know particularly if the file has a .exe, .vbs, or .shs
>extension. To be safe, you should save even "trusted" attachments to disk,
>and scan them with antivirus software before you open them! When in doubt,
>ask an expert BEFORE opening a suspect attachment. (See below for more
>recommendations on protecting yourself from email-borne viruses.)
>
>4. Check all incoming floppy disks. Make sure that either your antivirus
>software is configured to automatically scan floppies or that you manually
>do it before viewing its contents.
>
>5. Perform regular backups. Backups will protect you from a variety of
>disasters, including viruses. For more on backups see our article "Backing
>up your data."
>+++++++++++++++++++++++++++
>
>For those of you that need more thorough information on the most recent
>virus flare-up, here are the specs:
>
>+++++++++++++++++++++++++++
>
>Virus Profile VBS/SST is a High risk Virus
>
>Virus Name VBS/SST
>Date Added 2/12/01 10:32:53 AM
>
>Virus Characteristics
>This script was created by a worm generating tool. As such, the particulars
>of its actions may vary.
>
>The most common variant functions as follows.
>When run, the script copies itself to, "c:\WINDOWS\AnnaKournikova.jpg.vbs".
>It attempts to mail a separate email message, using MAPI messaging, to all
>recipients in the Windows Address Book using the following information:
>
> Subject: Here you have, ;o)
> Body:
> Hi:
> Check This!
> Attachment: AnnaKournikova.jpg.vbs
>
>It also creates a registry key and key values. The script refers to these
>values to check if the mailing routine has already taken place:
>
> HKEY_USERS\.DEFAULT\Software\OnTheFly
> HKEY_USERS\.DEFAULT\Software\OnTheFly\mailed=(1 for yes)
>
>Indications Of Infection
>- Presence of the file "c:\WINDOWS\AnnaKournikova.jpg.vbs"
>- Presence of the registry key: HKEY_USERS\.DEFAULT\Software\OnTheFly
>- Users complaining that you've sent them a virus.
>
>Method Of Infection
>This script arrives as an email attachment which. Opening this attachment
>infects your machine. Once infected, the script attempts to mail itself to
>all recipients found in the Windows Address Book.
>
>Removal Instructions
>Use specified engine and DAT files for detection and removal. Delete any
>file which contains this detection.
>
>Virus Information
>Discovery Date: 8/14/00
>Origin: Unknown
>Length: Varies
>Type: Virus
>SubType: VbScript
>Risk Assessment: High
>Aliases: VBS/VBSWG.J
>
>++++++++++++++++++++++++++++++++=
>
>Have a good (virus-free) Monday...
>
>
>-Dean
>--
>## http://www.onenw.org ##
>
>
>
>