Re: NAV 2000 Doesn't Catch "Life Stages" Worm ...

[John.Mckercher () MALMSTROM AF MIL (McKercher, John C II SSgt 341CS/SCBI)]

Wrong

-----Original Message-----
From: Thomason Blake E SSgt 85 TES/DET 1/DO
[mailto:Blake.Thomason () TYNDALL AF MIL]
Sent: Wednesday, June 28, 2000 10:23 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: NAV 2000 Doesn't Catch "Life Stages" Worm ...

Greetings!

Just a heads-up for those of you who are not already aware:  The current
Norton AV 2000 sig file (ver. 20621cb) does NOT detect the "Life Stages"
worm.

So far, we've only seen a few isolated occurences with no subsequent
infections, but the danger is there.  One occurrence had the subject "FW:
Jokes" and the attachment was "Life Stage".  This is a deviation from the
original worm when it was first detected about a week ago.  Also, the
message body was BLANK in every instance.

This worm is painfully simple to get rid of (if caught PRIOR to infection
<grin>)--simply delete the carrier email.  Depending on your mail platform,
you will want to make sure to remove the message from your "Deleted Items"
folder (or whatever feature in your email platform performs that function)
or bypass it altogether.  (NOTE:  MS Exchange users can simply highlight the
message and [SHIFT + DELETE] it.

Blake Thomason
System Administrator
Detachment 1, 85th Test and Evaluation Squadron
Tyndall Air Force Base, FL 32403  USA
mailto:blake.thomason () tyndall af mil