A new worm - I don't think I've received it, but in case I have, or any of
you have, here's some info.

 -Pam

        -----Original Message-----
        From:   Kusse, James
        Sent:   Tuesday, December 04, 2001 4:40 PM
        To:     Laing, Kevin M; Saturno, Anthony; Bhat, Archana; Davis,
Erica P; Kusse, James; Mohan, Jatin; Hassam, Jeanine M; Drury, Jennifer;
Dudek, Joe; Flynn, Kevin; Chung, Lorna; Falcone, Matt; Memed, Nurachman;
Stevenson, Pam; Cumberland, Paul; Robinson, Philip L; Jagannathan, Priya;
Sreenivasan, Raghavaperumal; DiRenzo, Rita; Hayes, Robert C; Janapareddi,
Savithri; Johnson, Stuart; O'Connor, Terry; Pease, Thomas M; Suhr, Thomas E;
Kanakam, Venkat; Morrow, Clark; Batten, Jim; Wood, Peter J; Feeney, Bob;
Discavage, Tim
        Subject:        FW: W32/GoneA@mm -- Virus Has Entered Xerox
Environment
        Importance:     High

        To all XESIM employees and contractors - PLEASE READ BELOW!!!!!!

        DO NOT OPEN THE ATTACHMENT INCLUDED WITH ANY MAILING THAT HAS THE
FOLLOWING......

        Subject: Hi
        Body:
        How are you ?
        When I saw this screen saver, I immediately thought about you
        I am in a harry, I promise you will love it!
        Attachment: GONE.SCR

        Again please read below.

        Jim Kusse
        Enterprise Systems Management, EDS
        300 Main St. MS 898/01A
        East Rochester, NY 14445
        phone: 716-231-7265
        Cell Phone: 734-5191
        [log in to unmask]
         <<...OLE_Obj...>>






        The W32/Goner@MM virus has found its way into the Xerox environment
even though we are blocking .SCR files at the Internet gateways and PMDF
switches.

        This mass mailing worm attempts to send itself using Microsoft
Outlook to all entries found in the Outlook Address book. It tries to delete
security software, can spread via ICQ, and contains a DDoS payload via IRC.

        Please notify IM personnel in your organizations to take immediate
actions to mitigate the propagation of this virus by deploying the EXTRA.DAT
or SUPER EXTRA.DAT files that NAI has made available. A description of this
virus and the emergency DAT files are available at:

                http://vil.nai.com/vil/virusSummary.asp?virus_k=99272

        Thanks,

        Bob

        -----Original Message-----
        From:   Polisseni, Bob
        Sent:   Tuesday, December 04, 2001 11:22 AM
        To:     USA CIS Virus Communications
        Subject:        W32/GoneA@mm -- Virus Alert
        Importance:     High

        A new virus threat is "in the wild". Not much is known about this
yet.

        It appears that the attachments that are being seen are for a new
worm known as [log in to unmask]

        EDS is adding filtering for this virus at Internet Gateways and on
the PMDF switches for the attachment Gone.scr.

        NAI is "aware of this virus, and is starting to gather information
on it" and will get some information to Xerox as soon as possible.

        In case you are not aware, SOPHOS just issued an EMERGENCY alert,
indicating that it is "spreading widely in the wild":

        http://www.sophos.com/virusinfo/analyses/w32gonera.html

        Profile on FSecure:

        http://www.datafellows.fi/v-descs/goner.shtml

        More details will be sent to you once we know what we are dealing
with and when additional information is received from NAI.

        Thanks,

        Bob


        Bob Polisseni
        Corporate Information Security
        Virus Protection Support
        * Phone: 716.423.8629    8*223.8629
* Fax: 716.423.2759
* [log in to unmask]

        For information on CIS see the following site:
        http://xww.internal.xerox.com/security/