nanog mailing list archives
Virus Update
From: "Branden R. Williams" <brw () netvitality net>
Date: Thu, 4 May 2000 10:40:27 -0500 (CDT)
Ok, this thing is pretty nasty... Here is a quick summary of what it does. Should you run it, you will lose any files of the following extensions. They will be renamed to filename.extension.vbs with a fresh copy of the replication part. File extensions affected: vbs,vbe,js,jse,css,wsh,sct,hta,jpg,jpeg,mp2,mp3. Every file with that extension is overwritten with the virus. It looks to be localized to mounted hard drives. It does not appear to affect mapped network drives. It also makes a dozen or so registry entries including one to reset your start page to the following URL. http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe I have not gone to this URL yet to see what it is, but it downloads a copy of a file called WIN-BUGSFIX.exe. In addition, it creates a MIRC script called script.ini to DCC SEND this to whatever channel you are on. Of course it sends it to everyone in your address book with the subject ILOVEYOU. It looks to only affect people who actually run the vbs script. I would assume that if you are not on a Windows platform that you are not affected. I'll let you know more when we find more. Cheers, Branden R. Williams <brw () netvitality net> Vice President, Systems - NetVitality, Inc. http://www.netvitality.net/ Internet Commerce Specialists
Current thread:
- Virus Update Branden R. Williams (May 04)
- Re: Virus Update Branden R. Williams (May 04)
- Re: Virus Update Rodney Joffe (May 04)
- Re: Virus Update Christian Nielsen (May 04)
- Re: Virus Update Christian Nielsen (May 04)
- Re: Virus Update Larry Snyder (May 04)
- Re: Virus Update Mark Borchers (May 04)
- Re: Virus Update Mark Borchers (May 04)
- Message not available
- Re: Virus Update Mark Borchers (May 04)
- Re: Virus Update Rodney Joffe (May 04)
- Re: Virus Update Branden R. Williams (May 04)
- Re: Virus Update Andrew Brown (May 04)
- Re: Virus Update Rodney Joffe (May 04)