|
|
|
Our Virus Alert Page Here you will find recent
virus alerts. |
| June 20, 2001 |
| W32/Beast.A is a hybrid virus that consists of two components: a macro virus that affects Microsoft Word documents and a Windows 95 virus. Infections are carried out through its Windows 95 component. The other section of the virus (the Word component) works as support. The virus spreads to other systems using the same means common to most macro viruses; therefore, the virus is contained in each previously infected document. |
| June 20, 2001 |
| Flip.MP2153.A Flip.mp.2153.A is an MS-DOS-resident encrypted virus that infects files with the following extensions: .exe, .com, or .ovl. The virus also infects the command.com file (in the hard disk root directory) and modifies the Master Boot Record (MBR) and the BOOT (the boot sector of 3.5" disks). Upon infection, the virus becomes memory resident, thereby decreasing your memory's available free space by 3064 bytes. |
| June 13, 2001 |
| CHOKE.A W32/Choke.A is an Internet worm written in Visual Basic (VB) 6.0 that uses the program MSN Messenger to propagate. If this application is not installed on your system, propagation isn't possible. The message body of this message contains the following text: "President bush shooter is game that allows you to shoot Bush balzz hahaha." |
| June 6, 2001 |
| VBS/LOVELETTER.CM VBS/LoveLetter.CM is a worm that uses email to carry out its infections. The worm arrives in email with the subject line "Where are you?" The message line reads "This is my pic in the beach" and contains an attached file called JENNIFERLOPEZ_NAKED.JPG.VBS. It appears to be a picture file, but in fact it's simply a VBS worm. |
| May 23, 2001 |
| NEW WORM PURPORTS TO BE EMAIL FROM SYMANTEC A new worm, called Hard.A, has been discovered that arrives in a spoofed email and appears to be a message from Symantec, a leading antivirus software vendor. The message subject reads "Symantec Anti-Virus Warning," and the message itself contains a file attachment (www.symantec.com.vbs) that, among other things, triggers the worm each November 24. |
| May 10, 2001 |
| A new worm, nicknamed Homepage, is
spreading across the Internet. The Homepage worm spreads by sending a
copy of itself to all addresses in the recipient's Outlook address book.
The message subject reads "Homepage," and the message body
contains the sentence "You've got to see this page! It's really
cool ;O)." An attachment to the message (homepage.html.vbs)
contains a Visual Basic (VB) script that opens one of four randomly
selected pornographic Web sites.
The 'Homepage' virus, the latest worm to clog up corporate email servers, went largely unnoticed by customers of McAfee AntiVirus Defense. Why? McAfee automatically eliminated 'Homepage' even before our worldwide AVERT virus hunters had seen a sample. So, just as it has done with so many other viruses, McAfee detected 'Homepage' by characteristics it shares with other viruses and turned a costly virus disaster into a non-event. Instantly. Click now for the cure. |
| May 2, 2001 |
| FUNLOVE VIRUS INFECTS MICROSOFT HOTFIXES Microsoft stopped all access to its hotfixes this week when someone discovered that many of the hotfixes contained the FunLove virus, which first appeared in November 1999. The virus infects Windows-based portable executable documents, ActiveX controls (.ocx files), and screen saver files. When FunLove runs on a Windows NT system, the virus grants Administrator rights to any user who logs on. |
| May 2, 2001 |
| W32Hello is a worm that propagates through Microsoft's MSN Messenger program. The worm is written in Visual Basic (VB) 5.0. The file that contains the worm is 10KB and has no icon. |
| May 2, 2001 |
| W32/Stator is a worm designed to
propagate itself when certain programs, such as Notepad, Windows Media
Player (WMP), Control Panel, and Windows Help, execute. The worm renames
several existing .vxd files and then creates copies of itself using the
original file names. |
| April 18, 2001 |
| W32/Matcher is a worm designed to propagate through email. The worm is written in Visual Basic (VB) and is 28KB. W32/Matcher requires the Msvbvm60.dll Visual Basic Dynamic Library to work properly. The worm reaches systems in the form of an email message with a subject of "Matcher" and a message body that reads, "Want to find your love mates!!! Try this its cool... Looks and Attitude matching to opposite sex." The worm carries a file attachment called Matcher.exe that infects the user's system. To learn all about Matcher, be sure to visit our Center for Virus Control. |
| March 21, 2001 |
| VBS/Linda.A@mm is a worm written
in Visual Basic Script that spreads through e-mail and IRC. The file
that contains the worm is 3.876 bytes in length. Affected files will
lose their content and their extensions will be changed.
VBS/Linda.A@mm uses e-mail and IRC to spread to other
systems. Outgoing messages will be sent to all the entries in the user's
Address Book. These messages will have the following characteristics:
|
|
|
| March 14, 2001 |
|
Backdoor/MoonPie.10 This is a backdoor Trojan that consists of two programs. One of them is installed on the affected system (server), whereas the other must be installed on the attacking computer (client). The Trojan can reach the affected system via any of the regular virus entry routes: floppy disks, CD-ROMs, computer networks, the Internet, FTP, sending receiving e-mail messages to which the file containing the Trojan is attached,...etc. |
| March 14, 2001 |
|
W32/Disemboweler W32/Disemboweler
is a polymorphic worm with the following characteristics:
The worm uses anti-debugging techniques. It checks to see if its being debugged on a Windows 95 platform or if any other debugging software (of the Softice type) is active on the system. If this is the case, it hooks the INT 13 interrupt. W32/Disemboweler spreads itself via e-mail in the form of an attachment. The message is sent out at random to several e-mail addresses it obtains from the messages stored in the affected system. Both the subject of the message and the message body are chosen at random. In fact the worm generates these names from a text obtained from a file on the hard disk. It is interesting to mention that the virus keeps track of all the addresses where the messages are sent. |
| March 14, 2001 |
|
W32/Magistr@mm is
a polymorphic worm with the following characteristics:
The worm uses anti-debugging techniques. It checks to see if its being debugged on a Windows 95 platform or if any other debugging software (of the Softice type) is active on the system. If this is the case, it hooks the INT 13 interrupt.
|
| March 14, 2001 |
|
W32/MyBaby.A is a worm written in Visual Basic 6.0 with a size of 77824 bytes. This worm sends itself to all the entries in the user's Address Book and overwrites all the files found in all the disk drives on the system as long as they have the certain extensions. Then, it and adds an EXE extension at the end of these files. W32/MyBaby.A sends itself to all the entries in the
user's Address Book. Outgoing messages will have the following
characteristics: |
|
|