[Am-info] MickySoft only!

Fred Miller fmiller@lightlink.com
Thu, 17 Jun 2004 14:16:41 -0400


This will liven things out at Redmond. :)

Fred

New worm terminates antivirus apps
 By ZDNet Australia Staff
 ZDNet Australia
 June 15, 2004, 5:26 AM PT

 A new worm variant that can terminate antivirus applications was discovered
 last Friday, prompting Internet security vendor F-Secure to issue a level
 two warning.

The variant, called Zafi.B, is spread through e-mail attachments in PIF, EXE
 or Com attachments, and according to F-Secure, the worm "terminates all
 applications that have 'firewall' or 'virus' in their file-name".

 The worm is capable of transmitting in several languages, including English,
 Italian, Spanish, Russian, Swedish, German or Finnish, said F-Secure, and
 spreads itself by collecting e-mail addresses from the recipient's address
 book.

Zafi.B copies itself to the Windows System Directory when activated, and
 replicates itself as either "winamp 7.0 full_install.exe" or "Total
 Commander 7.0 full_install.exe" files in folders that contain "share" or
 "upload" in their names, according to F-Secure.

Manager for F-Secure, Mikael Albrecht, says the worm is particularly
 complicated as it has the capacity to penetrate firewalls and antivirus
 applications in order to "help itself spread further".

 "Another interesting thing about this worm is that the infected messages
 come in many different languages. As most of the widely spread worms use
 only English, this feature may confuse the user to open the message--and the
 worm spreads on", he said.

 However, Internet security corporation, Symantec, have listed the virus as
 having an "easy" threat containment rating and a "low" geographical
 distribution area.

 A Symantec spokesman maintained that the worm is still "nothing
 significant".

 "The worm tries to disable the security processes on the machine to make it
 more vulnerable to other attacks," said the spokesman.

 He said that users who notice unusual messages regarding system
 vulnerability may be infected and should scan their computers to guard
 against further infection.

-- 
Ronald Reagan 1911 - 2004
An American Patriot who hated Communism and Socialism, never 
brought shame upon himself, his family, his political offices or abused 
the trust of the American People. We love you and we wonder when another 
like you or Theodore Roosevelt will arise again.