Virus Advisory: February 2004 Archives

02/26/04 : Virus/Worm: W32.Netsky and Variants

02/26/04 : Virus/Worm: W32.Mydoom.B@mm and Variants

02/17/04 : Virus/Worm: W32.Beagle.B@mm

Virus/Worm: W32.Netsky and Variants

Posted on February 26, 2004 08:50 AM

A removal tool for Netsky.B and Netsky.C is now available from Symantec. See virus details below:

W32.Netsky.B and W32.Netsky.C are Windows mass mailing worms that have been detected on campus. The infected email is likely from someone you know with a random subject and message text. It also carries an attachment with a random file name.

Affected software:
Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000 and Windows XP.

Not Affected:
Linux, Macintosh, UNIX, Windows 3.x

Impact:
Some confirmed on campus

Risk:
- High

Behavior Observed:
- Harvests email addresses and sends email to address lists

Symptoms of Infected Machines:
- Detection by Symantec AntiVirus

Actions for All Users:
- Keep antivirus autoprotection enabled
- Keep antivirus definitions up to date
- Do not open email with unexpected attachments and suspicious subjects, even if the sender is someone you know

All users who need assistance should contact the Help Desk at 863-HELP.

Virus/Worm: W32.Mydoom.B@mm and Variants

Posted on February 26, 2004 07:56 AM

Mass-email worms, W32.Mydoom.B@mm and some variants, have surfaced on campus. Symantec now provides a removal tool for these.

Like W32.Novarg.A@mm, Windows computers can become infected if users open the email attachment carried by this worm, which can have any of the following extensions: .bat, .cmd, .exe, .pif, .scr, or .zip. Users on the KaZaA file sharing network can also be attacked.

Some symptoms of infection:
- Detection by Symantec Antivirus
- Receipt of SPAM complaints against University IP addresses

Update your Symantec AntiVirus definitions immediately and do not open email with unexpected attachments and suspicious subjects, even if you know the sender.

Contact the Help Desk at 863-HELP to report an infection or for assistance with W32.Mydoom.B@mm removal.

Virus/Worm: W32.Beagle.B@mm

Posted on February 17, 2004 01:23 PM

W32.Beagle.B, also known as W32.Alua is a new Windows mass mailing worm that is spreading rapidly. The infected email is likely from someone you know with the subject "ID *random characters*... thanks." The email attachment has a .exe extension with a random file name.

Affected software:
Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000 and Windows XP.

Not Affected:
DOS, Linux, Macintosh, Microsoft IIS, OS/2, UNIX, Windows 3.x

Impact:
Many confirmed on campus

Risk:
- High - installs backdoor (8866/tcp) that can be leveraged to install other malicious code
- Widespread distribution globally

Behavior Observed:
- Harvests email addresses and sends email to address lists

Symptoms of Infected Machines:
- Detection by Symantec AntiVirus

All users who need assistance should contact the Help Desk at 863-HELP.

[an error occurred while processing this directive]
Virus Advisory: February 2004 02/26/04 : Virus/Worm: W32.Netsky and Variants 02/26/04 : Virus/Worm: W32.Mydoom.B@mm and Variants 02/17/04 : Virus/Worm: W32.Beagle.B@mm Virus/Worm: W32.Netsky and Variants Posted on February 26, 2004 08:50 AM A removal tool for Netsky.B and Netsky.C is now available from Symantec. See virus details below: W32.Netsky.B and W32.Netsky.C are Windows mass mailing worms that have been detected on campus. The infected email is likely from someone you know with a random subject and message text. It also carries an attachment with a random file name. Affected software: Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000 and Windows XP. Not Affected: Linux, Macintosh, UNIX, Windows 3.x Impact: Some confirmed on campus Risk: - High Behavior Observed: - Harvests email addresses and sends email to address lists Symptoms of Infected Machines: - Detection by Symantec AntiVirus Actions for All Users: - Keep antivirus autoprotection enabled - Keep antivirus definitions up to date - Do not open email with unexpected attachments and suspicious subjects, even if the sender is someone you know All users who need assistance should contact the Help Desk at 863-HELP. Virus/Worm: W32.Mydoom.B@mm and Variants Posted on February 26, 2004 07:56 AM Mass-email worms, W32.Mydoom.B@mm and some variants, have surfaced on campus. Symantec now provides a removal tool for these. Like W32.Novarg.A@mm, Windows computers can become infected if users open the email attachment carried by this worm, which can have any of the following extensions: .bat, .cmd, .exe, .pif, .scr, or .zip. Users on the KaZaA file sharing network can also be attacked. Some symptoms of infection: - Detection by Symantec Antivirus - Receipt of SPAM complaints against University IP addresses Update your Symantec AntiVirus definitions immediately and do not open email with unexpected attachments and suspicious subjects, even if you know the sender. Contact the Help Desk at 863-HELP to report an infection or for assistance with W32.Mydoom.B@mm removal. Virus/Worm: W32.Beagle.B@mm Posted on February 17, 2004 01:23 PM W32.Beagle.B, also known as W32.Alua is a new Windows mass mailing worm that is spreading rapidly. The infected email is likely from someone you know with the subject "ID random characters... thanks." The email attachment has a .exe extension with a random file name. Affected software: Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000 and Windows XP. Not Affected: DOS, Linux, Macintosh, Microsoft IIS, OS/2, UNIX, Windows 3.x Impact: Many confirmed on campus Risk: - High - installs backdoor (8866/tcp) that can be leveraged to install other malicious code - Widespread distribution globally Behavior Observed: - Harvests email addresses and sends email to address lists Symptoms of Infected Machines: - Detection by Symantec AntiVirus Actions for All Users: - Keep antivirus autoprotection enabled - Keep antivirus definitions up to date - Do not open email with unexpected attachments and suspicious subjects, even if the sender is someone you know All users who need assistance should contact the Help Desk at 863-HELP.
[an error occurred while processing this directive]