Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Christopher Scragg (cscraggworkgroup.net)
Date: Tue Sep 18 2001 - 10:38:22 CDT
Another e-mail virus is propagating vigorously today embedded into
e-mail message bodies. Typical instances that I have seen include the
message being delivered to the same recipient 3 times (or more).
The filename of the embedded virus/worm is README.EXE. The worm claims
to be called "Concept Virus v.5". The worm places the guest user into
the local Administrators group then creates an administrative share
called X$. Furthermore the local Guest account is then enabled. This
share can then be accessed by any user.
The TFTP service is used to place a file called Admin.dll on all local
drives. This dll is then used in Code Red fashion to execute malicious
code against the server(s).
ACTION TO BE TAKEN: If you are using anti virus software on your mail
gateway, filter all .EXE file attachments until the various virus
vendors update their definitions.
Chief Technology Officer
Business Information Group
865.777.1382 x222 Local
888.875.4704 x222 Toll Free