[prev in list] [next in list] [prev in thread] [next in thread]
List: incidents
Subject: New Virus (TROJ_VOTE.A)
From: <bonk () webchat ! chatsystems ! com>
Date: 2001-09-24 20:18:26
[Download RAW message or body]
Metromedia Fiber Network
Information Security Directorate
Security Operations Center
Virus Alert: MCA2001-9
September 24, 2001
Name: TROJ_VOTE.A
Aliases: TROJ_VOTE.A; WTC.EXE
Affected Systems: All systems running Microsoft Outlook
Bottom Line Up Front: TROJ_VOTE.A is a highly destructive new virus which
is
currently spreading in-the-wild (discovered at 2:30 P.M., September 24,
2001). This destructive Trojan was created using Visual Basic 5. It
propagates via Microsoft Outlook by sending emails to addresses listed in
an
infected user's address book. It arrives in an email with the following:
Subject: FW: Peace between America and Islam
Message Body: Hi Is it a war against America or Islam. Lets Vote
to live in peace.
Attachment: WTC.EXE
TROJ_VOTE.A deletes certain antiviral files, adds the file Zacker.vbs to
the local hard drive, modifies the infected user's Internet Explorer
startup page, and formats the infected user's drive c:\.
Technical Recommendation: This is a new virus and fixes do not yet exist.
If you receive an email with the above subject line or with an attachment
WTC.EXE, DO NOT OPEN THEM. MFN e-mail users should always be cautious
when opening e-mail attachments. Review email attachment names prior to
opening.
If the email is from someone you don't recognize or responding to a
question you did not ask, do not open the email directly. Users are
further reminded to ensure virus protection on personal computers is current.
================================================
Travis
Email: Bonk@Undernet.Org | Bonk@cyberabuse.org
================================================
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic