RE: email virus? [a490143_at_hotmail.com: FVWM: MIME-Version: 1.0]

From: Mark Crocker <mcrocker_at_micron.com>
Date: Wed, 9 Feb 2000 15:09:38 -0700 (MST)

FYI:

I forwarded this information onto our local virus team and they found
that the virus is virtually unknown by the antivirus establishment (at
least as of yesterday morning). They did, however, discover that it
has been reported on alt.comp.virus and is called
W32Script/Unicle.worm. Apparently, it copies various system files to
a public ftp site, appends itself to all outgoing email messages and
possibly damages the registry... if you're using Microsoft Outlook on
a Microsoft Windows platform AND you don't have the security features
set correctly.

Naturally, I'm not going to disclose the status of our local efforts
to deal with this virus, but I thought the rest of you, especially
Erik, might want to know that there was no antivirus software that can
detect it as of yesterday and that it can send confidential
information to a public site. If there is a virus software update
available for it in the future, you should be able to find it under
the keyword "Unicle".

On Mon, 7 Feb 2000 14:01:01 -0600 , "Steffl, Erik" <esteffl_at_pbi.net> wrote:

> I use win nt (and solaris via exceed (win nt X server)) and the
> script
> caused some error in internet explorer. I don't see any damage (but
> I did not really checked anything, just ran the antivirus, the
> system works fine for now)...

> anyway, this prompted me to turn of all java/javascript/activeX
> etc
> features in outlook... feel better now.

> erik

>> -----Original Message----- From: owner-fvwm_at_hpc.uh.edu
>> [mailto:owner-fvwm_at_hpc.uh.edu]On Behalf Of Matthew W. Roberts Sent:
>> Monday, February 07, 2000 8:45 AM To: fvwm_at_fvwm.org Subject: email
>> virus? [a490143_at_hotmail.com: FVWM: MIME-Version: 1.0]
>>
>>
>> I've gotten two messages from:
>>
>> a490143_at_hotmail.com
>>
>> with the subject:
>>
>> FVWM: MIME-Version: 1.0
>>
>> that have come through the fvwm mailing list. The message has an
>> attached HTML file with some fairly cryptic javascript. I didn't
>> take the time to really get into it, but it looked like it was set
>> to delete files and mess with the Windows registry.
>>
>> Makes me glad I don't use windows. Makes me wonder why someone
>> would send it to the FVWM list.
>>
>>
>>
>> -- Matthew W. Roberts
>> ----------------------------------------------------------------
>> Structural Engineering mwr_at_tamu.edu Texas A&M University
>> ---------------------------------------------------------------- -
>> Any fool can criticize, condemn and complain and most fools do.
>> -- Benjamin Franklin
>>
>>
>> -- Visit the official FVWM web page at <URL: http://www.fvwm.org/>.
>> To unsubscribe from the list, send "unsubscribe fvwm" in the body
>> of a message to majordomo_at_fvwm.org. To report problems, send mail
>> to fvwm-owner_at_fvwm.org.
>>
> -- Visit the official FVWM web page at <URL: http://www.fvwm.org/>.
> To unsubscribe from the list, send "unsubscribe fvwm" in the body of
> a message to majordomo_at_fvwm.org. To report problems, send mail to
> fvwm-owner_at_fvwm.org.

-- 
-------------------------------------------------------------------------------
 Mark Crocker (MTI PE) | mcrocker_at_micron.com | (208) 36-83525 | Pg. 99416
		 http://markcrocker.micron.com/~mcrocker
-------------------------------------------------------------------------------
--
Visit the official FVWM web page at <URL: http://www.fvwm.org/>.
To unsubscribe from the list, send "unsubscribe fvwm" in the body of a
message to majordomo_at_fvwm.org.
To report problems, send mail to fvwm-owner_at_fvwm.org.
Received on Wed Feb 09 2000 - 16:10:29 GMT

This archive was generated by hypermail 2.3.0 : Mon Aug 29 2016 - 19:37:50 BST