[Am-info] Prestige Worm

[Fred A. Miller]

ONCE AGAIN, MickySoft's inability to produce secure code IS the cause of 
a damaging virus! IMHO, ANY person responsible for IT decisions, who 
condones the use of "LookOut" or "LookOut Express" in their firm, is 
guilty of GROSS negligence and incompetence!

Fred

Prestige Worm

The Prestige worm arrives as an attachment purporting to be pictures
of the Prestige oil tanker disaster off the Spanish coast. The worm
is in an .exe file included in the .zip attachment. If the attachment
is executed, a Spanish message asks users if they want to install an
application to view the pictures; if they click their approval, an
error message tells them the application could not be installed, and
behind the scenes, the worm is doing its work. Prestige self replicates
through Outlook address books and IRC programs, changes files in the
Windows system directory and replaces and renames the regedit.exe file.

http://www.net-security.org/virus_news.php?id=142

-- 
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org