[12284] in bugtraq
Re: Email virus on the prowl
daemon@ATHENA.MIT.EDU (Elias Levy)
Wed Oct 20 13:00:51 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991020095332.D14849@securityfocus.com>
Date: Wed, 20 Oct 1999 09:53:32 -0700
Reply-To: aleph1@SECURITYFOCUS.COM
From: Elias Levy <aleph1@SECURITYFOCUS.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Lots of people replied that this is a worm/virus/trojan called VBS.Freelink.
For more information:
http://www.sarc.com/avcenter/venc/data/vbs.freelink.html
http://www.symantec.com/region/uk/avcenter/venc/vbs_freelink.html
http://vil.mcafee.com/vil/vbs10225.asp
http://www.DataFellows.com/v-descs/freelink.htm
http://www.trend.com/vinfo/virusencyclo/default5.asp?VName=VBS_FREELINK.
http://vil.nai.com/villib/alpha.asp
http://vil.nai.com/vil/vbs10225.asp
Decrypted versions of links.vbs and rundll.vbs:
http://www.tirsek.dk/bugtraq/links_vbs.txt
http://www.tirsek.dk/bugtraq/rundll_vbs.txt
Highlights:
* The worm spreads via email, via IRC if it can find mIRC, and
  by copying itself to network drives.
* It's not new, but it has spread widely recently.
* Most scanners are not configured to look for .VBS files by default.
  You must tell your scanner to look for them.
Thanks:
Norbert Luckhardt <nl@ct.heise.de>
Eric Chien <ecchien@jps.net>
Peter Tirsek <peter@tirsek.com>
Pollard, Bette <PollardB@od31.od.nih.gov>
Rodefeld, Sonja <Sonja.Rodefeld@dowjones.com>
Jaapar, Jazzery <JJaapar@RaymondKarsan.com>
Christopher P. Lindsey <lindsey@mallorn.com>
AMackenzie@edgewater.com
Dennis Dow <ddow@cyberport.com>
Tim Sole <tims@soleman.org>
Dan Schrader <Dan_Schrader@trendmicro.com>
--
Elias Levy
Security Focus
http://www.securityfocus.com/