 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Tue, 2 Jan 2001 21:33:17 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Many of you will find the following of interest.
----- Original Message -----
From: "enews" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, January 02, 2001 4:42 PM
Subject: InoculateIT Personal Edition AntiVirus Newsletter from Computer
Associates, Version 01.01 January 2, 2001
> =============================================
> E-News: InoculateIT Personal Edition AntiVirus
> Newsletter from Computer Associates
> Version 01.01 | January 2, 2001
> via www: http://esupport.ca.com
> =============================================
>
> Table of Contents
>
> - VBS/Tqll.A.Worm
>
> - InoculateIT Personal Edition AntiVirus
> Update Number 1105 available
>
> =============================================
> VBS/Tqll.A.Worm (also known as VBS/Tqll-A)
> =============================================
>
> VBS/Tqll.A.Worm
>
> Tqll.A is a worm that spreads through Outlook
> e-mail systems. It arrives as an attachment
> to an e-mail message with the Subject line:
>
> "New Year !".
>
> The message body reads:
>
> "Wow Happy New Year !"
>
> The possible name of the attachment is
> "happynewyear.txt.vbs".
>
> When opened, the worm drops a Backdoor Trojan
> to the Windows directory as "3k.exe" and
> launches it. This Backdoor Trojan is detected
> as Backdoor/Psychward.G.Server. The Trojan
> attempts to download an executable named
> "Teen.exe" from the internet and launches it.
> Teen.exe will be detected as Win32/Shaz.A.
> Once launched, Shaz.A drops the following files
> to c:\Windows\Fonts\Font:
>
> Igmp.exe
> info.vbs
> mirc.ini
> mirc2.ini
> pepsi.exe
> pri.ini
> re.exe
> remote.ini
> startup.vbs
> temp2.exe
> YoMama.txt
> temp.exe
>
> These executables can be used to generate packet
> floods.
>
> The worm then proceeds to send itself out to all
> entries in the Microsoft Outlook address book.
>
> IPE update release 1105 includes detection for
> the Tqll.A worm.
>
> =============================================
> VIRUS UPDATE 1105
> =============================================
>
> The latest AntiVirus Update has been uploaded
> to the Computer Associates web site for you
> to download.
>
> To download the new signature files for IPE
> without going through your Web browser, you can
> use the new "Auto Download" feature inside
> IPE (Tools, AutoDownload) or the AutoDownload
> application to check for updated signatures,
> download, and install them.
>
> Alternatively, the update file can be obtained
> at the following URL:
> http://antivirus.ca.com/cgi-bin/ipe/update.cgi
>
> It is recommended that once you have downloaded
> and installed an update that you do a virus
> scan of all the files on your system and
> create a new reference disk for your system.
>
> We recommend that you keep your anti-virus
> protection up-to-date at all times by ensuring
> you are running the most up-to-date anti-virus
> software (Current IPE version 5.2) and that latest
> update kit.
>
> These update kits are cumulative: therefore the
> latest update kit includes everything from all
> previous update kits as well as the new virus
> information.
>
> These update kits are NOT complete versions of
> IPE but an update which will allow version 5.2
> to detect and clean the latest viruses.
>
> =============================================
>
> Additional information on viruses, worms, and
> Trojan can be found at Computer Associates
> Virus Information Center:
> http://www.ca.com/virusinfo/
>
> Carnegie Mellon Software Engineering Institute
> (CERTŪ Coordination Center):
> http://www.cert.org/advisories/
>
> =============================================
>
> To subscribe to this or other newsletters, go
> to http://esupport.ca.com/ and click the E-News
> button on the left panel.
>
> You can unsubscribe from the same E-News page or
> by sending an email to mailto:[log in to unmask]
> with 'signoff enews_ipe' in the message body.
>
> This newsletter contains practical tech support
> information about relevant issues with our
> products.
>
> =============================================
>
> Feedback? Comments? Suggestions?
> Send mailto:[log in to unmask] All submissions
> become the property of the publisher and may or
> may not be reprinted.
>
> NOTE: This address should be used only for
> feedback on this newsletter. Requests for
> technical support should be submitted through
> normal channels.
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
|
|
|
