Yup, it's on the Network Associates (VirusScan) website. Got an alert on
it this morning.
Please respond to "NT System Admin Issues"
<[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
cc:
Subject: New Virus??
Has anyone heard about this? I was told its spreading throught Europe.
Any
validity to it?
There is a new Virus that has been spotted as of Sept 03, 2001. Please be
aware.
It spreads rapidly!
** | VIRUS WARNING - Win32.Apost.A@mm| **
Central Command is issuing a virus warning due to increased
infection reports for this new backdoor that was discovered on
September 3rd, 2001.
** | DESCRIPTION | **
Win32.Apost.A@mm is an Internet Worm that works on Windows systems.
It spreads through e-mails as an attached file and is activated
when the user executes the attachment.
When is executed, the virus copies itself in the root of every
drive (including floppy-disk) under the name readme.exe. Also, it
copies itself in the Windows directory and sets the following
registry key to be executed at every startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\macrosoft
"%windir%\readme.exe"
After this, it uses MAPI (Mailing Application Programming
Interface) to send e-mail to every contact in the user's Address
Book and sets Outlook to erase these messages after they are sent.
The mail looks like this:
Subject: As per your request!
Body: Please find attached file for your review. I look forward to
hear from you again very soon. Thank you.
Attachment: readme.exe
ralph
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
