Sender: |
|
Subject: |
|
From: |
|
Date: |
Tue, 12 Mar 2002 08:16:54 +0000 |
Content-Type: |
TEXT/PLAIN; charset=US-ASCII |
MIME-Version: |
1.0 |
Reply-To: |
|
Parts/Attachments: |
|
|
I have just had the following this morning from our University's head of
Internet security:
Patrick Boylan
=========================================
A new, potentially very invasive virus has been seen circulating
(W32.Gibe@mm). The trojan claims to be a "Microsoft security update". It
is, in fact, a "trojan horse", which appears to do the usual trick of
harvesting the contents of the Outlook addressbook and mailing itself to
them. However, it then installs a program which listens for a connection
from the network, which could allow an intruder to gain remote control of
the system.
The emails in question all appear to contain:-
Subject of email: Internet Security Update
Name of attachment: Q216309.exe
Size of attachment: 122,880 bytes
but bugs in the virus code may cause it to appear slightly differently.
The text of the message claims that the attachment is a cumulative
security patch for Microsoft Internet Explorer and Outlook/Express.
This trojan/virus is particularly invasive, precisely because it does
claim to be a "Microsoft security update". However, the messages do not
come from Microsoft and the attachment SHOULD NOT be run. Microsoft never
distribute security patches by e-mail: they send alerts to advise users to
download patches from their web site.
For full details, check anti-virus vendor pages, for example:
http://www.f-secure.com/v-descs/gibe.shtml
Anti-virus vendors have, or will shortly have, updates to their virus
definition files that detect and block the spread of this worm. As usual,
please ensure that your own definition files are up to date; and be very
wary of running or opening any attachments of whose provenance you are
uncertain.
DHS
--
[log in to unmask] City University Computing Services
=========================================================
Important Subscriber Information:
The Museum-L FAQ file is located at http://www.finalchapter.com/museum-l-faq/ . You may obtain detailed information about the listserv commands by sending a one line e-mail message to [log in to unmask] . The body of the message should read "help" (without the quotes).
If you decide to leave Museum-L, please send a one line e-mail message to [log in to unmask] . The body of the message should read "Signoff Museum-L" (without the quotes).
|
|
|