[27710] in North American Network Operators' Group
Re: Trojan Alert was: Check this
daemon@ATHENA.MIT.EDU (Kai Schlichting)
Thu Mar 9 16:45:54 2000
Message-Id: <4.2.2.20000309160457.01fefce0@mail.speedus.net>
Date: Thu, 09 Mar 2000 16:08:15 -0500
To: nanog@merit.edu
From: Kai Schlichting <kai@pac-rim.net>
In-Reply-To: <4.2.0.58.20000309175114.00ca6cc0@mail.wecke.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Errors-To: owner-nanog-outgoing@merit.edu

At Thursday 03:53 PM 3/9/00 , Hermann Wecke wrote:
>At 15:28 09/03/2000 -0500, Kai Schlichting wrote:
>>Can someone with a lucky hand in Visual Basic actually tell us what
>>the trojan attachment we saw (LINKS2.VBS) (full mail headers
>>included, in case Shawn hasn't seen them yet) actually does?
>
>Check at NAI:
>
>http://vil.nai.com/vil/vbs10225.asp
>
Note the warning on that page: ensure that scanning for .VBS files
is on, unless you have it configured to scan for ALL files.
The warning is very applicable to Norton AV as well:
My Norton AV is up to date, and the default is NOT to scan for .VBS
files (!). How could they miss that? I can't recall changing the
scan settings from 'all' to 'some' files either. Looks like we
have a real winning worm here that evades detection by lamely
configured virus scanners - what the real default scan settings
are is YTBD. Meanwhile, NETWORK.VBS is marching on.
bye, Kai