This warning came from AVP's mailer. It's legit. There was a link in the
email for info. Basically, it's another Outlook mass mailer virus.
Just about every vendor has already updated their definitions.
-Joe
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 06 September 2001 15:25
To: NT System Admin Issues
Subject: New Virus??
Has anyone heard about this? I was told its spreading throught Europe. Any
validity to it?
There is a new Virus that has been spotted as of Sept 03, 2001. Please be
aware.
It spreads rapidly!
** | VIRUS WARNING - Win32.Apost.A@mm| **
Central Command is issuing a virus warning due to increased
infection reports for this new backdoor that was discovered on
September 3rd, 2001.
** | DESCRIPTION | **
Win32.Apost.A@mm is an Internet Worm that works on Windows systems.
It spreads through e-mails as an attached file and is activated
when the user executes the attachment.
When is executed, the virus copies itself in the root of every
drive (including floppy-disk) under the name readme.exe. Also, it
copies itself in the Windows directory and sets the following
registry key to be executed at every startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\macrosoft
"%windir%\readme.exe"
After this, it uses MAPI (Mailing Application Programming
Interface) to send e-mail to every contact in the user's Address
Book and sets Outlook to erase these messages after they are sent.
The mail looks like this:
Subject: As per your request!
Body: Please find attached file for your review. I look forward to
hear from you again very soon. Thank you.
Attachment: readme.exe
ralph
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
