[185] in Security FYI
[Security-fyi] Bugbear update
daemon@ATHENA.MIT.EDU (Linda A. LeBlanc)
Wed Jun 11 11:21:08 2003
Message-Id: <5.1.0.14.2.20030611100722.04199ed0@po12.mit.edu>
Date: Wed, 11 Jun 2003 11:16:58 -0400
To: security-fyi@MIT.EDU
From: "Linda A. LeBlanc" <leblancl@MIT.EDU>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: security-fyi-bounces@mit.edu
As many of you know, last week saw the eruption of a new and particularly
virulent virus. One of our Independent Lab team members has put together
an overview of the characteristics of this virus. Due to the nature of the
compromise experienced we are currently recommending to customers who
are infected that they format their hard drives and reinstall their
operating system.
> A new nasty virus for Windows was discovered yesterday. Read about it on
> <http://vil.nai.com/vil/content/v_100358.htm>.
>
> According to the website:
> This is a complex worm that contains many different elements:
>
> 1. Mass-mailer
> 2. Network Share Propagator
> 3. Keylogger
> 4. Remote Access Trojan
> 5. Polymorphic Parasitic File Infector
> 6. Security Software Terminator
>
> It also listens on TCP Port 1080 for commnd allowing a remote attacker
> to gain access to the compromised machine. Noah is scanning our part of
> net 18 for compromised machines and will contact group sysadmins if
> necessary.
>
> Even if you practice "safe computing" by not opening attachments,
> not using Outlook, turning off macros in Microsoft Office, you still
> need to run anti virus software often and update it often.
>
> Using McAfee Virus scan, you need virus definition file 4270. If your
> antivirus is set to auto-update and it did so before 13:30 today, you
> may not have the latest definition file.
>
> MIT has a site license for McAfee VirusScan. Go to
> <http://web.mit.edu/is/help/virus/virus-info.html> for further info.
_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi
