so far I guess this is all thats posted about it
just warning whoever cares on this list seening
how many filter for .vbs and this one is in .doc
<snip from symantec>
W97M.Melissa.BG
W97M.Melissa.BG is a Word 97 macro virus that has a payload of deleting
necessary system files. It also sends itself out through e-mail using
Microsoft outlook. The subject of the e-mail is "Resume - Janet Simons".
Also known as: ResumeWorm
Category: Worm
Infection length: 41,472
Virus definitions: May 26, 2000
Threat assessment:
<Picture><Picture><Picture><Picture>Wild:
High Damage:
High Distribution:
High <Picture>
Wild
�Number of Infections:More than 1000 �Number of Sites:More than 10
�Geographical Distribution:Medium �Threat Containment:Easy �Removal:Easy
Damage
�Payload:
�Large Scale E-mailing:All addresses in the User's Address book using
Microsoft Outlook �Deletes Files:C:\*.*
C:\My Documents\*.*
C:\WINDOWS\*.*
C:\WINDOWS\SYSTEM\*.*
C:\WINNT\*.*
C:\WINNT\SYSTEM32\*.*
Also A-Z:\*.*
�Degrades Performance:may crash e-mail server �Causes System
Instability:Deletes system files.
Distribution
�Subject of E-mail:Resume - Janet Simons �Name of Attachment:RESUME1.DOC
or Explorer.doc or NORMAL.DOT �Size of Attachment:41,472
Technical description:
W97M.Melissa.BG a macro virus which has an unusual payload. When a user
opens an infected document, the virus will attempt to e-mail a copy of
this document to everyone in the user's address book, using Microsoft
Outlook. The virus also drops 2 copies of itself. One is dropped to
C:\Data\Normal.dot
Another is dropped to:
C:\WINDOWS\Start Menu\Programs\StartUp\Explorer.doc
Upon closure of the document the virus attempts to delete the files:
"C:\*.*"
"C:\My Documents\*.*"
"C:\WINDOWS\*.*"
"C:\WINDOWS\SYSTEM\*.*"
"C:\WINNT\*.*"
"C:\WINNT\SYSTEM32\*.*"
"A:\*.*"
"B:\*.*"
"D:\*.*"
"E:\*.*"
"F:\*.*"
"G:\*.*"
"H:\*.*"
"I:\*.*"
"J:\*.*"
"K:\*.*"
"L:\*.*"
"M:\*.*"
"N:\*.*"
"O:\*.*"
"P:\*.*"
"Q:\*.*"
"R:\*.*"
"S:\*.*"
"T:\*.*"
"U:\*.*"
"V:\*.*"
"W:\*.*"
"X:\*.*"
"Y:\*.*"
"Z:\*.*"
The body of the e-mail sent is as follows:
To: Director of Sales/Marketing,
Attached is my resume with a list of
references contained within. Please
feel free to call or email me if you
have any further questions regarding
my experience. I am looking forward
to hearing from you.
Sincerely,
Janet Simons.
Removal:
Although NAV can repair the inserted files, you can safely delete the
files listed above.
<Picture>
Write-up by: Douglas Knowles
Updated: 5/26/00 2:33:09 PM
--
___
/\ \ phase two of global domination in operation, hide all lions.
/::\ \
/:/\:\ \ Comments or Questions email [EMAIL PROTECTED]
_\:\~\:\ \
/\ \:\ \:\__\ Spikeman [EMAIL PROTECTED]
\:\ \:\ \/__/ http://www.spikeman.net
\:\ \:\__\ Find Me On EFNET /whois Spikeman
\:\/:/ /
\::/ / Friends are lights in winter;
\/__/ The older the friend, the brighter the light.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
