|
Yes. It is a virus. Use Antigen from Sybari
Software on your exchange or Notes servers, we had updates for it days
ago.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
K.Borndale
----- Original Message -----
Sent: Thursday, September 06, 2001 10:24
AM
Subject: New Virus??
Has anyone heard about this? I was told its spreading
throught Europe. Any
validity to it?
There is a new Virus that
has been spotted as of Sept 03, 2001. Please be aware.
It spreads
rapidly!
** | VIRUS WARNING - Win32.Apost.A@mm| **
Central
Command is issuing a virus warning due to increased
infection reports for
this new backdoor that was discovered on
September 3rd, 2001.
** |
DESCRIPTION | **
Win32.Apost.A@mm is an Internet Worm that works on
Windows systems.
It spreads through e-mails as an attached file and is
activated
when the user executes the attachment.
When is executed,
the virus copies itself in the root of every
drive (including floppy-disk)
under the name readme.exe. Also, it
copies itself in the Windows directory
and sets the following
registry key to be executed at every startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\macrosoft
"%windir%\readme.exe"
After this, it uses MAPI (Mailing
Application Programming
Interface) to send e-mail to every contact in the
user's Address
Book and sets Outlook to erase these messages after they
are sent.
The mail looks like this:
Subject: As per your request!
Body: Please find attached file for your review. I look forward to
hear from you again very soon. Thank you.
Attachment: readme.exe
ralph
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
|
