Re: Another new worm???

[Dan_Schrader () TRENDMICRO COM (Dan Schrader)]

Thank you

You have no provided the virus to 40,000 people who have nothing in common
except that they are interested in security.  Go to usenet and you will find
dozens of posts from virus writers and vx wannabes asking for viruses to
play with - you answered their prayers.

This virus has already been extensively analyzed  - there was no need to
spread it further.

In the future if you wish to have a file analyzed, send to known, trusted
experts or send to one or more of the antivirus vendors.  Trend Micro will
analyze unsolicated files if you send them to:

virus_doctor () trendmicro com

Dan Schrader
Trend Micro
www.antivirus.com

-----Original Message-----
From: Blue Boar [mailto:BlueBoar () THIEVCO COM]
Sent: Monday, June 19, 2000 7:25 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Another new worm???

This copy was provided to the SecurityFocus folks today by Ron Greer.
Password is "worm", without the quotes.

It appears to be a known virus/worm:

http://vil.mcafee.com/dispVirus.asp?virus_k=98668

They're (McAfee) saying they got word on 5/30, and the deal is that it
seems to have gotten loose today.

Also:

http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/default5.asp?VName=VBS
_STAGES.A

It looks like it's got a Word header on it (which seems strange to me
for a .shs extension) and it's partially obscufucated.  I'd be interested
in seeing some analysis.

                                        BB