From Sybari
-----Original Message-----
From: Sybari Updates [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 1:23 PM
To: [EMAIL PROTECTED]
Subject: Virus Alert: "W32/Vote@mm"
Is this a Virus that uses E-mail?: yes
Virus Name:
-------------------
W32/Vote@mm
Alias:
-------------------
W32.Vote.A@MM
E-mail Subject:
-------------------
Fwd: Peace BeTweeN AmeriCa and IsLaM !
E-mail Body:
-------------------
Hi
Is it a war against America or Islam. Lets Vote to live in peace.
E-mail Attachments:
-------------------
WTC.EXE
Zacker.vbs
Mixdalal.vbs
Description:
-------------------
There has been some inquiries about this new email generated worm. At the present time there has not been any reported infections in the wild. Sybari Software, Inc., will continue to monitor the status of this new worm . At the present time file filter rules can be setup for the above attachment names. Heuristically the NAI Update: 2001092002 will detect it as "New BackDoor"
It is considered a LOW RISK at the present time, but we are notifying you do to the attention drawn to its subject nature.
Characteristics:
When the worm (WTC.EXE) is executed it will attempt to email all contacts located in the Outlook Address Book. Placing both zacker.vbs, and mixdalal.vbs on the file system. When the zacker.vbs script is run they will replace HTM and HTML files with a messages stating:
AmeRiCa....Few days WiLL Show You What We Can Do !! It's Our Time ZaCkEr is So Sorry For You.
The Mixdalal.vbs script will be placed to run in the registry to execute on startup. When it is executed it will replace the autoexec.bat with a command to format the c: drive.
Thank You,
Sybari Software, Inc.
More Info:
-------------------
http://www.sybari.com/alerts
List Maintenance:
------------------- http://www.sybari.com/support/support_list.asp
