This is for your information only and does not need to be discussed on the
list. If you have not already updated your virus software please do so.
I am scanning out a couple viruses a week from the 20 or so lists I
moderate. This means someone out there is not using their updates or not
using virus software at all. Rootsweb usually catches these, but some do get
through.
Thanks
Jenny Kernan
List Mom
- Weekly Virus Report -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, January 20, 2002 -- Today, the Oxygen3 24h-365d report deals with
two worms: W32/Klez.F and VBS/NetLog.B.
W32/Klez.F is a worm that spreads in a file attached to an e-mail message
with variable characteristics. The worm modifies some system drivers (which
might prevent the computer from starting up), and overwrites executable
files, thus rendering them useless.
When the infected attachment is run, the worm copies itself to the
Windows/System and Windows/Temp folders. It also creates a file called
Wqk.exe, which is really another virus (capable of infecting PE files)
named W32/Elkern. W32/Klez.F then creates two entries in the Windows
Registry in order to ensure that the files it created are run on every
system start-up.
W32/Klez.F takes advantage of an Internet Explorer vulnerability previously
exploited by other worms. This bug allows an attached file to be run by
opening the message that contains it or simply by viewing it through the
message preview pane in Outlook. Furthermore, W32/Klez.F modifies the
e32_restab entry (Offset of resident name table) of some VxD drivers,
disabling them. As a result, the drivers will not run properly when the
system is rebooted, preventing the computer from starting up. Finally, the
worm is designed to delete files from certain antivirus applications.
VBS/NetLog.B is a worm written in VBS (Visual Basic Script) which spreads
through the network searching for shared C: drives. To do this, the worm
scans IP addresses looking for accessible C: drives. VBS/NetLog.B also
creates a file where it keeps a record of all the IP subnet addresses that
it accesses and attempts to access, and saves it to affected systems. In
the event that there are several infected computers scanning the network, a
DDoS (Distributed Denial of Service) situation might take place. This is
due to a possible overload of the DNS (Domain Name Server).
For further information about these and other viruses, visit Panda
Software's Virus Encyclopedia at the following address:
http://www.pandasoftware.com/library/
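
Added example (not part of the Panda report or of the original post): a defender-side integrity check for the e32_restab field the report mentions, reading the LE header of a VxD file and confirming that the field leads to a well-formed resident name table. The 0x58 field offset comes from the standard LE header layout; the names check_vxd_restab and build_sample are hypothetical, and the sample image is constructed, not a real driver.

```python
import struct

E32_RESTAB = 0x58  # LE header field: offset of resident name table


def check_vxd_restab(data: bytes) -> str:
    """Return 'ok', or the reason the resident name table looks damaged."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not an MZ file"
    (le_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if le_off + 0x5C > len(data) or data[le_off:le_off + 2] != b"LE":
        return "no LE header"
    (restab,) = struct.unpack_from("<I", data, le_off + E32_RESTAB)
    if restab == 0:
        return "e32_restab is zero"
    pos = le_off + restab  # table offsets are relative to the LE header
    if pos >= len(data):
        return "e32_restab points outside the file"
    # Entries are [length byte][name][16-bit ordinal]; a zero length ends it.
    names = 0
    while pos < len(data) and data[pos] != 0:
        n = data[pos]
        name = data[pos + 1:pos + 1 + n]
        if len(name) != n or pos + n + 3 > len(data):
            return "resident name table is truncated"
        if not all(0x20 < c < 0x7F for c in name):
            return "resident name is not printable ASCII"
        names += 1
        pos += n + 3
    if pos >= len(data):
        return "resident name table has no terminator"
    return "ok" if names else "resident name table is empty"


def build_sample(restab: int) -> bytes:
    """Constructed minimal MZ+LE image (not a real driver) for the demo."""
    mz = bytearray(0x80)
    mz[:2] = b"MZ"
    struct.pack_into("<I", mz, 0x3C, 0x80)      # LE header starts at 0x80
    le = bytearray(0xC4)
    le[:2] = b"LE"
    struct.pack_into("<I", le, E32_RESTAB, restab)
    table = b"\x06SAMPLE\x00\x00\x00"           # one name, ordinal 0, end
    return bytes(mz + le + table)               # table sits at LE+0xC4


if __name__ == "__main__":
    for value in (0xC4, 0, 0x10, 0xFFFF):
        print(hex(value), "->", check_vxd_restab(build_sample(value)))
```

Run against known-good copies of the drivers first, so that a later failure on the same file points to modification and not to an unusual but legitimate layout.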