Virus Advisory: November 2003 Archives

11/20/03 : Virus/Worm - W32.Mimail Variations

11/05/03 : Trojan.Qhosts detected on campus

Virus/Worm - W32.Mimail Variations

Posted on November 20, 2003 12:32 PM

The Mimail virus has been a threat on campus since the beginning of November. Thus far, three variations have been spotted:

W32.Mimail.E@mm was reported on campus on 11/04. Its email messages typically have a subject line of "don't be late! [random string of letters]" and a file attachment called "readnow.zip."
W32.Mimail.J@mm (11/19) is a worm that also spreads by email. A typical subject line is "IMPORTANT ". It also carries an attachment named "InfoUpdate.exe -or- www.paypal.com.pif."
W32.Mimail.A@mm (11/20) is an email worm that steals information from a user's computer. An Mimail.A email message can be identified by the subject "Your Account " and an attachment called "message.zip."

Like with all unsolicited attachments, do not open them, as this will activate the invasive programs. If you think you have been infected with Mimail, Symantec has released a removal tool, available with more information at each of the linked sites included above.

Trojan.Qhosts detected on campus

Posted on November 05, 2003 11:19 AM

The Trojan.Qhosts has been spotted on Brown's campus. It can infect your computer simply by visiting an infected web site. This trojan takes advantage of a vulnerability in Microsoft Internet Explorer to take control of how your computer looks up Internet addresses. It also modifies the behavior of Internet Explorer. Although the trojan does not spread, an infected computer may not be able to access IP services. CIS has developed a tool to repair the damage done by this trojan, click here to download the QHOSTS Cleanup Tool.

[an error occurred while processing this directive]
Virus Advisory: November 2003 11/20/03 : Virus/Worm - W32.Mimail Variations 11/05/03 : Trojan.Qhosts detected on campus Virus/Worm - W32.Mimail Variations Posted on November 20, 2003 12:32 PM The Mimail virus has been a threat on campus since the beginning of November. Thus far, three variations have been spotted: W32.Mimail.E@mm was reported on campus on 11/04. Its email messages typically have a subject line of "don't be late! [random string of letters]" and a file attachment called "readnow.zip." W32.Mimail.J@mm (11/19) is a worm that also spreads by email. A typical subject line is "IMPORTANT ". It also carries an attachment named "InfoUpdate.exe -or- www.paypal.com.pif." W32.Mimail.A@mm (11/20) is an email worm that steals information from a user's computer. An Mimail.A email message can be identified by the subject "Your Account " and an attachment called "message.zip." Like with all unsolicited attachments, do not open them, as this will activate the invasive programs. If you think you have been infected with Mimail, Symantec has released a removal tool, available with more information at each of the linked sites included above. Trojan.Qhosts detected on campus Posted on November 05, 2003 11:19 AM The Trojan.Qhosts has been spotted on Brown's campus. It can infect your computer simply by visiting an infected web site. This trojan takes advantage of a vulnerability in Microsoft Internet Explorer to take control of how your computer looks up Internet addresses. It also modifies the behavior of Internet Explorer. Although the trojan does not spread, an infected computer may not be able to access IP services. CIS has developed a tool to repair the damage done by this trojan, click here to download the QHOSTS Cleanup Tool.
[an error occurred while processing this directive]