 
From: Christopher Scragg (cscraggworkgroup.net)
Date: Tue Sep 18 2001 - 10:38:22 CDT


    Another e-mail virus is propagating vigorously today embedded into
    e-mail message bodies. Typical instances that I have seen include the
    message being delivered to the same recipient 3 times (or more).

    The filename of the embedded virus/worm is README.EXE. The worm claims
    to be called "Concept Virus v.5". The worm places the guest user into
    the local Administrators group then creates an administrative share
    called X$. Furthermore the local Guest account is then enabled. This
    share can then be accessed by any user.

    The TFTP service is used to place a file called Admin.dll on all local
    drives. This dll is then used in Code Red fashion to execute malicious
    code against the server(s).

    ACTION TO BE TAKEN: If you are using antivirus software on your mail
    gateway, filter all .EXE file attachments until the various virus
    vendors update their definitions.

     
    Christopher Scragg
    Chief Technology Officer
    Business Information Group
    865.777.1382 x222 Local
    888.875.4704 x222 Toll Free
    865.777.1579 Direct
    www.workgroup.net
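
The gateway filtering step recommended in the message above, as an added example that is not part of the original post: a Python check that walks every MIME part of a message and reports any part named like an .EXE file, including parts embedded without a Content-Disposition header. The function name, addresses and sample message are constructed for illustration.

```python
import email
from email import policy

# The advisory asks for all .EXE attachments to be filtered at the gateway.
BLOCKED_EXTENSIONS = (".exe",)

def blocked_attachments(raw_bytes):
    """Return the filename of every MIME part that ends in a blocked extension."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads the Content-Disposition filename and falls back
        # to the Content-Type "name" parameter, so embedded parts are covered.
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before matching.
        if name.rstrip(". ").lower().endswith(BLOCKED_EXTENSIONS):
            hits.append(name)
    return hits

# Constructed sample: the file is named only in Content-Type, with no disposition.
SAMPLE_MESSAGE = (
    b"From: sender@example.com\r\n"
    b"To: rcpt@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="README.EXE"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"cGxhY2Vob2xkZXI=\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE_MESSAGE))
```

A gateway hook would quarantine or reject any message for which the returned list is non-empty.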