nanog mailing list archives
RE: Virus Update
From: "Branden R. Williams" <brw () netvitality net>
Date: Thu, 4 May 2000 10:54:45 -0500 (CDT)
On Thu, 4 May 2000 msarges () midco net wrote:
Just to clarify, it will look at files on network or net-mapped drives. Our organization just found out the hard way.
Ok, we must have stopped it before that happened to us. The person who ran this (argh) only affected their own hard drive and missed any network drives.
On 04-May-2000 Branden R. Williams wrote:Ok, this thing is pretty nasty... Here is a quick summary of what it does. Should you run it, you will lose any files of the following extensions. They will be renamed to filename.extension.vbs with a fresh copy of the replication part. File extensions affected: vbs,vbe,js,jse,css,wsh,sct,hta,jpg,jpeg,mp2,mp3. Every file with that extension is overwritten with the virus. It looks to be localized to mounted hard drives. It does not appear to affect mapped network drives. It also makes a dozen or so registry entries including one to reset your start page to the following URL. http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqweras djhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe I have not gone to this URL yet to see what it is, but it downloads a copy of a file called WIN-BUGSFIX.exe. In addition, it creates a MIRC script called script.ini to DCC SEND this to whatever channel you are on. Of course it sends it to everyone in your address book with the subject ILOVEYOU. It looks to only affect people who actually run the vbs script. I would assume that if you are not on a Windows platform that you are not affected. I'll let you know more when we find more. Cheers, Branden R. Williams <brw () netvitality net> Vice President, Systems - NetVitality, Inc. http://www.netvitality.net/ Internet Commerce Specialists---------------------------------- E-Mail: msarges () midco net Date: 04-May-2000 Time: 10:49:31 We have met the enemy, and he is us. -- Walt Kelly ----------------------------------
Cheers, Branden R. Williams <brw () netvitality net> Vice President, Systems - NetVitality, Inc. http://www.netvitality.net/ Internet Commerce Specialists
Current thread:
- product liability (was: Virus Update), (continued)
- product liability (was: Virus Update) William Allen Simpson (May 09)
- Re: product liability (was: Virus Update) Jim Mercer (May 09)
- Re: product liability (was: Virus Update) William Allen Simpson (May 09)
- Re: product liability (was: Virus Update) Jim Mercer (May 09)
- Re: product liability (was: Virus Update) Greg A. Woods (May 09)
- off-topic rant Re: product liability (was: Virus Update) brad reynolds (May 09)
- Re: off-topic rant Re: product liability (was: Virus Update) Bruce Campbell (May 09)
- Re: off-topic rant Re: product liability (was: Virus Update) Steve Sobol (May 09)
- Re: off-topic rant Re: product liability (was: Virus Update) Valdis . Kletnieks (May 09)