List:       isn
Subject:    [ISN] SANS Alert on Resume and KAK Viruses (fwd)
From:       William Knowles <wk () C4I ! ORG>
Date:       2000-05-27 19:30:55

Just in case you have been living under a rock, or have become
desensitized to Outlook virus warnings, here is the latest alert from
SANS on the two new? viruses to watch out for.

William Knowles
wk@c4i.org


News reports concerning the Resume virus are correct.  It is a variant
of Melissa, with a more vicious payload.  At the same time, Kak is
beginning to live up to its advance billing as the world's number 1
virus this summer.  Actions are needed now to stop both threats.
Details below.

RESUME
********

The Resume virus (also known as Melissa.BG) is a very dangerous Word
Macro virus because it attempts to spread to everyone in available
address books and tries to delete all files in the following
directories and drives:
C:\*.*
C:\My Documents\*.*
C:\WINDOWS\*.*
C:\WINDOWS\SYSTEM\*.*
C:\WINNT\*.*
C:\WINNT\SYSTEM32\*.*
A:\*.* [may cause an error message]
B:\*.* [may cause an error message]
and *.* in the root of drives D: thru Z:


* * * *
The email message in which it arrives looks like this:

Subject: Resume - Janet Simons

To: Director of Sales/Marketing,

Attached is my resume with a list of references contained within.

Please feel free to call or email me if you have any further questions
regarding my experience. I am looking forward to hearing from you.

Sincerely,

Janet Simons.
"Explorer.doc"

* * * * * * * *
Actions Required

The correct action is to ensure no one opens the attachment and,
better, if you have the skills, to set up email filters that stop any
offending messages.  Tell people to deactivate their executive summary
feature in Microsoft Outlook, and only then delete the e-mail without
opening.

Valuable data from the top virus vendors (those involved in
maintaining the Information Security DEW Line [Digital Early Warning Line]):

Norton Anti Virus: http://vil.nai.com/villib/dispvirus.asp?virus_k=98661

Symantec: http://www.symantec.com/avcenter/venc/data/w97m.melissa.bg.html


Sadly, Resume defense is not the only action needed right now.


KAK
***

Fifty thousand systems received the KAK virus on May 24.

See:
http://www.msnbc.com/news/412717.asp

The story, in brief, is that 50,000 clients of Shoppingplanet.com
received an infected email newsletter (not an attachment) and those
who previewed or read the email in Outlook Express almost certainly
became infected.

The MSNBC reporter goes on to say:

"Kak is one of the first of a new breed of viruses that can infect
users simply when they read an e-mail, or even by previewing an e-mail
using Microsoft's Outlook Express - opening an attached file is not
required. After infection, the virus sends a copy of itself with every
message the victim sends. The virus payload, however, is not
malicious. It does not attempt to delete any files."

If you have not made sure every PC in your organization has corrected the
Microsoft flaw, see the May 10 Alert:
http://www.sans.org/newlook/alerts/virus.htm

The fix takes less than 5 minutes!

When someone combines the vicious actions of Resume with the delivery
system of KAK, you'll be very happy you made the fix.

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
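
The email filter the alert asks for under "Actions Required", sketched as an added example (not part of the SANS alert or the list post): it matches the subject line and attachment name quoted in the alert. The function names, the example.com addresses and the three verdict labels are assumptions, and the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the alert text above, compared case-insensitively.
RESUME_SUBJECT = "resume - janet simons"
RESUME_ATTACHMENT = "explorer.doc"


def attachment_names(msg):
    """Return the lower-cased filename of every MIME part that declares one."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            names.append(name.strip().lower())
    return names


def classify(raw_bytes):
    """Return 'quarantine', 'review' or 'pass' for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    # Collapse whitespace so folded or padded subjects still match; a
    # substring test keeps forwarded copies ("Fw: ...") in scope.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    subject_hit = RESUME_SUBJECT in subject
    attach_hit = RESUME_ATTACHMENT in attachment_names(msg)
    if subject_hit and attach_hit:
        return "quarantine"   # both indicators: hold the message
    if subject_hit or attach_hit:
        return "review"       # one indicator: let a person look at it
    return "pass"


def build_sample(subject, attachment=None):
    """Construct a sample message (test data, not a captured specimen)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("Attached is my resume.")
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="msword", filename=attachment)
    return m.as_bytes()


if __name__ == "__main__":
    print(classify(build_sample("Resume - Janet Simons", "Explorer.doc")))
```

This rule covers Resume only; KAK, as the alert says, arrives in the message itself rather than as an attachment, so it calls for the Microsoft fix rather than an attachment filter.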
