Error - template LAYOUT-DATA-WRAPPER not found

A configuration error was detected in the CGI script; the LAYOUT-DATA-WRAPPER template could not be found.

Error - template STYLE-SHEET not found

A configuration error was detected in the CGI script; the STYLE-SHEET template could not be found.

Error - template SUB-TOP-BANNER not found

A configuration error was detected in the CGI script; the SUB-TOP-BANNER template could not be found.
Subject:
Virus Info from Steve Gibson FYI
From:
Brad Loomis <[log in to unmask]>
Reply To:
PCSOFT - Personal Computer software discussion list <[log in to unmask]>
Date:
Sun, 25 Jun 2000 17:10:23 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (106 lines) 
-----Original Message-----
From: Steve Bass [mailto:[log in to unmask]]
Sent: Saturday, June 24, 2000 10:30 AM
To: [log in to unmask]
Subject: [pibmug] A new nasty virus that even WE can't see!

 From Steve Gibson


Believe it or not, EVEN IF we have Windows set to show file extensions --
as we all probably do -- Windows STILL won't show an
extension of ".shs", which is some thing called a "Shell Scrap Object".

As a test you can easily do what I did: Create a text file with notepad
that says "this is just a test" then save it with the name "test.txt.shs"
and all you'll see is "test.txt"!!! -- thus causing the ".shs" file to
appear to be a simple (and safe) text file.

Anyway ... since a "Shell Scrap Object" is a scriptable thing, there's a
NEW fast propagating virus making the rounds of Outlook users, and although
we Eudora users can't be used to propagate the nasty thing, our computer
*WILL* still execute the virus!!!

Basically, this means that it's no longer even safe for us to open anything
which APPEARS to be a text file attachment!

MY INSTANT CURE:

Since I could care less about whatever-the-xxxx a "Shell Scrap Object" is
or does, I simply renamed the thing it's associated with (which handles
these things for Windows, thus giving them life) to prevent inadvertent
execution of ANY Shell Scrap Objects. Poetically, the file is named
"shscrap.dll" located in the system directory, which I simply renamed to
"shscrap.dll.xxx" to take it out of service.

Boy, Windows has really become a sewer.

-------------------------------------------------------------------
Here's some stuff specific to THIS current virus:
-------------------------------------------------------------------

//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\

CUPERTINO, Calif. - June 19, 2000 - Symantec Corporation (Nasdaq:
SYMC), a leader in Internet security technology, today announced
detection for VBS.Stages.A, a new and fast-spreading polymorphic
computer worm. Symantec's Anti-Virus Research Lab gives this worm a
Category 4 rating, as it has potential to be difficult to contain,
and cause severe damage. This worm appears as a .TXT file attachment
titled LIFE_STAGES.TXT.SHS. that disguises an .SHS file. An .SHS file
is a Microsoft Scrap Object file which are executable files that can
contain a wide variety of objects. The scrap object (SHS) extension
does not appear in Windows Explorer even if all file extensions are
displayed.

When executed, the attachment will open a text file in the Notepad
that describes the male and female stages of life.  While the user is
reading the text file, the script executes in the background, moving
the REGEDIT.EXE file to the recycle bin as a hidden system file named
RECYCLED.VXD. - resulting in modification of the SYSTEM REGISTRY and
REGEDIT.EXE files that cause system instability.

VBS.Stages.A spreads itself like VBS.LOVELETTER.A, sending mail to a
users' entire MS Outlook address book with a randomly generated
subject line, which can overload mail servers.  Additionally, the
worm spreads itself  via ICQ, mIRC and PIRCH and copies itself to
mapped drives.  The subject line may be one of 12 combinations and in
some cases begins with "FW."  The subject line will contain either
"Life stages," "Funny" or "Jokes" or several combinations of these.
This worm immediately deletes copies of the sent emails to ensure
there is no record of its presence. Symantec recommends that computer
users do not attempt to open the attached document, and protect
themselves by using Norton AntiVirus For Gateways to filter out all
incoming emails that have attachments with .SHS extensions. New
definition sets are now available to detect VBS.Stages.A and Norton
AntiVirus users can download them through Symantec's LiveUpdate
feature, or from the Symantec Web site at
www.symantec.com/avcenter/download.html.

Brands and products referenced herein are the trademarks or
registered trademarks of their respective holders. All prices noted
are in US dollars and are valid only in the United States.

//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\//\\

Note that simply updating your virus patterns WON'T prevent the next
abuse of Shell Scrap Objects.  I'd recommend that you use my solution
to neuter this entire vulnerability.




_______________________________________
This E-letter may be reproduced for non-commercial use, either in part or in
its entirety, provided the following is included:
* This message is brought to you by the Pasadena IBM Users Group, an
announcement-only mail list. Replies go to Steve Bass.
* To unsubscribe: mailto:[log in to unmask]
* To subscribe: mailto:[log in to unmask]

Copyright 2000 by Steve Bass, reprinted with permission.

             PCSOFT maintains many useful files for download
                     visit our download web page at:
                     http://nospin.com/pc/files.html

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG Secured by F-Secure Anti-Virus CataList Email List Search Powered by LISTSERV