MUSEUM-L Archives

Museum discussion list

MUSEUM-L@HOME.EASE.LSOFT.COM

Subject:
From: P Boylan <[log in to unmask]>
Reply To: Museum discussion list <[log in to unmask]>
Date: Tue, 12 Mar 2002 08:16:54 +0000
Content-Type: TEXT/PLAIN
Parts/Attachments: TEXT/PLAIN (54 lines)

I have just had the following this morning from our University's head of
Internet security:


Patrick Boylan

=========================================


A new, potentially very invasive virus has been seen circulating
(W32.Gibe@mm). The trojan claims to be a "Microsoft security update".  It
is, in fact, a "trojan horse", which appears to do the usual trick of
harvesting the contents of the Outlook addressbook and mailing itself to
them.  However, it then installs a program which listens for a connection
from the network, which could allow an intruder to gain remote control of
the system.

The emails in question all appear to contain:-

        Subject of email: Internet Security Update
        Name of attachment: Q216309.exe
        Size of attachment: 122,880 bytes

but bugs in the virus code may cause it to appear slightly differently.
The text of the message claims that the attachment is a cumulative
security patch for Microsoft Internet Explorer and Outlook/Express.

This trojan/virus is particularly invasive, precisely because it does
claim to be a "Microsoft security update".  However, the messages do not
come from Microsoft and the attachment SHOULD NOT be run. Microsoft never
distribute security patches by e-mail: they send alerts to advise users to
download patches from their web site.

For full details, check anti-virus vendor pages, for example:
http://www.f-secure.com/v-descs/gibe.shtml

Anti-virus vendors have, or will shortly have, updates to their virus
definition files that detect and block the spread of this worm. As usual,
please ensure that your own definition files are up to date; and be very
wary of running or opening any attachments of whose provenance you are
uncertain.


DHS
--
[log in to unmask]           City University Computing Services
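
The three indicators listed in the advisory above (subject, attachment name, attachment size) can be checked at a mail gateway. The following is an added example, not part of the original message or of any vendor's tooling. Because the advisory notes that the message may "appear slightly differently", it scores each indicator separately instead of requiring all three. The function names, the `MZ` executable check and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the advisory above.
SUBJECT = "internet security update"
ATTACHMENT = "q216309.exe"
SIZE = 122_880  # bytes

def gibe_indicators(raw):
    """Return the set of advisory indicators matched by a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = set()
    # Collapse whitespace and case so "Fwd:" prefixes or odd spacing still match.
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    if SUBJECT in subject:
        hits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # not an attachment (body text or multipart container)
        data = part.get_payload(decode=True) or b""  # undo base64 before measuring
        if name.strip().lower() == ATTACHMENT:
            hits.add("name")
        if len(data) == SIZE:
            hits.add("size")
        if data[:2] == b"MZ":  # DOS/PE executable magic, whatever the file is called
            hits.add("executable")
    return hits

def verdict(raw):
    """Quarantine an executable matching any listed indicator; never require all three."""
    hits = gibe_indicators(raw)
    if "executable" in hits and hits & {"subject", "name", "size"}:
        return "quarantine"
    return "review" if hits else "pass"

def build_sample(subject, filename, data):
    """Constructed test message with inert bytes; not a captured sample."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.invalid", "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Constructed message body.")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    inert = b"MZ" + b"\0" * (SIZE - 2)
    print(verdict(build_sample("Internet Security Update", "Q216309.exe", inert)))
```
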

=========================================================
Important Subscriber Information:

The Museum-L FAQ file is located at http://www.finalchapter.com/museum-l-faq/ . You may obtain detailed information about the listserv commands by sending a one line e-mail message to [log in to unmask] . The body of the message should read "help" (without the quotes).

If you decide to leave Museum-L, please send a one line e-mail message to [log in to unmask] . The body of the message should read "Signoff Museum-L" (without the quotes).
