Zoher Worm Gives Unwelcome Christmas PC Present

[InfoSec News <isn () c4i org>]

http://www.newsbytes.com/news/01/173214.html

By Steve Gold, Newsbytes
LONDON, ENGLAND,
26 Dec 2001, 8:33 AM CST
 
PC users returning to their machines after the Christmas break should
take care to update their security software, after two antivirus firms
issued warnings about the Zoher worm.

F-Secure issued a level two security alert to users on its Radar
security advisory service over the Christmas break. Level two is one
of three alert levels. Level two means the virus is active in the wild
and is technically sophisticated.
 
In its advisory to customers, F-Secure says that Zoher worm arrives in
an e-mail with the subject line of "Scherzo!" and with a Javascript
attachment. The worm executes automatically on some systems.

Russia's Kaspersky Lab issued a Christmas Day alert to customers about
Zoher, which it says is 6.6 kilobytes large and coded in assembler
language.

The Moscow-based antivirus company adds that the message body is quite
long and has been written in Italian. Kaspersky says that the code
uses a similar approach to the Nimda worm - it can be activated from
an infected e-mail when a user simply reads or previews a message.

Kaspersky advises users not to open the infected e-mail more than once
or else the worm will propagate itself from the users' PC.

F-Secure's Web site is at http://www.f-secure.com .

Kaspersky Lab's Web site is at http://www.kaspersky.com .



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.