Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Kaspersky Lab Warns Of Worm-Infected Web Pages

From: William Knowles <wk () C4I ORG>
Date: Wed, 5 Jul 2000 01:45:54 -0500
http://www.computeruser.com/news/00/07/05/news3.html

By: Sylvia Dennis, Newsbytes
July 05, 2000

Kaspersky Lab has warned users to be aware of a new worm that can
penetrate users' PC as soon they visit an infected Web page.

The worm, which is known as "Jer," is not as dangerous as the infamous
Melissa or Chernobyl viruses, mainly because it has a number of bugs,
which conspire to limit the worm's spread to Internet relay chat (IRC)
channels, and not e-mail.

Eugene Kaspersky, the IT security company's head of antivirus
research, said that if there were not such primitive errors with the
worm, the world would face yet another global epidemic comparable to
the ILOVEYOU virus.

Kaspersky Lab said that Jer uses a primitive, but very effective way
of penetrating computers.

The infected Web site contains a script-program (the worm itself),
which is automatically executed after a user opens an infected HTML
page.

At this stage, the user receives a warning from the system whether to
accept this unknown script or not. This method exploits so-called
"mind breaches." To avoid this annoying message, a user usually
answers "yes," whereupon the worm is passed on to the user's PC.

The Russian antivirus firm said that the worm appeared on July 2 on a
Web site within the Geocities Web server.

The worm appeared in a page entitled "the 40 ways women fail in bed,"
which was "advertised" on several popular IRC channels, resulting in
more than 1,000 visitors to the site in just one day.

Further details of the Jer worm can be found on Kaspersky's Web site
at http://www.kasperskylab.ru/eng/news/press/20000702-1.asp.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: