Vulnerability Development mailing list archives

Re: Opportunist?


From: george_gales () NON HP COM (GALES,SIMON (Non-A-ColSprings,ex1))
Date: Fri, 5 May 2000 07:04:27 -0600


I took a quick look at it, and was wondering just what it was doing fiddling
in the MAPI address books... does the ILU worm write to the address book(s)?

This script/batchfile only cleans up .vbs files, but I seem to remember
someone mentioning overwritten .js/.mp3 files among others?  Or is it just
my end-of-week fogginess?

BB, did you see something specific that we're missing?  Or perhaps the
author has ... fixed some ... bugs?

-Simon
george_gales () non hp com

-----Original Message-----
From: Dag-Erling Smorgrav [mailto:des () FLOOD PING UIO NO]
Sent: Friday, May 05, 2000 6:52 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Opportunist?

Blue Boar <BlueBoar () THIEVCO COM> writes:
> I'll be the first to admit that I'm not much of a VBScript coder,
> but the code at the URL below looks a little suspicious to me.
> Perhaps I'm just being paranoid today.

I'm not a VBScript ace either, but the code looks kosher to me. It
deletes the registry entries created by LOVELETTER, then searches for
and deletes .VBS files.

DES

--
Dag-Erling Smorgrav - des () flood ping uio no


