Pirate 4x4 banner
1 - 1 of 1 Posts

1,464 Posts
Discussion Starter · #1 ·
I know a lot of you guy's are system admin's, or heave users

we've been alerted to this-
pass it on


Symantec Security Response has received a number of submissions on [email protected] and is rating it as a Category 4.

[email protected] is a new mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by email, searches for open network shares, attempts to copy itself to unpatched or already vulnerable Microsoft IIS web servers, and is a virus infecting both local files and files on remote network shares.

The worm uses the Unicode Web Traversal exploit. A patch and information regarding this exploit can be found at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.

When the worm arrives by email, the worm uses a MIME exploit allowing the virus to be executed just by reading or previewing the file. Information and a patch for this exploit can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

Users visiting compromised Web servers will be prompted to download an .eml (Outlook Express) email file, which contains the worm as an attachment. This .eml file also uses the aforementioned MIME exploit. Users can disable 'File Download' in their internet security zones to prevent compromise.

Also, the worm will create open network shares on the infected computer, allowing access to the system. During this process the worm creates the guest account with Administrator privileges.

Type: Virus, Worm

Infection Length: 57344
1 - 1 of 1 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.