-Caveat Lector-
------- Start of forwarded message -------
General
The details of the new trojan variant are as follows:
Trojan name: W32/WineVar.A-mm
Number of copies seen so far: 264
Time & Date first Captured: 22 Nov 2002, 08:55 GMT
Origin of first intercepted copy: South Korea
Number of countries seen active: 9
Top three most active countries: South Korea, UK, Russia
Technical Details
W32/WineVar.A-mm appears to add .CEO to the list of executable files. This means that
if
you do not completely clean up after this virus, the writer may be able to get you
next time
(because .CEO will not be on your list of known executable files.
The virus utilizes the well-known MS01-020 vulnerability, and also exploits the
com.ms.activeX.ActiveXComponent weakness.
In copies that we have seen so far, an example of the e-mail is as follows:
Subject: Re: AVAR (Association of Anti-Virus Asia Reseachers)
Body:
(None)
Attachments:
WIN(hex number).TXT (12.6 KB) MUSIC_1.HTM
WIN(hex number).pif
WIN(hex number).GIF (120 bytes) MUSIC_2.CEO
Comment
Skeptic™ detected W32/WineVar.A-mm heuristically. No MessageLabs customers were
affected.
Further information may be found at the MessageLabs website at:
www.MessageLabs.com/VirusEye
This email was sent to you because you subscribe to MessageLabs' Virus Alert service.
You
can cancel your subscription on the MessageLabs website at
http://www.messagelabs.com/AlertUnsubscribe
MessageLabs is a leading provider of Internet-level managed email security services.
Through its SkyScan portfolio of services, MessageLabs customers are protected from
email-borne threats such as viruses, unsolicited mail and pornographic material, before
such content comes anywhere near their network boundaries.
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com
________________________________________________________________________
-------- End of forwarded message --------
From
~~~~~~~~~~~~~~~
A<>E<>R
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Forwarded as information only; I don't believe everything I read or send
(but that doesn't stop me from considering it; obviously SOMEBODY thinks it's
important)
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
In accordance with Title 17 U.S.C. section 107, this material is distributed without
charge or
profit to those who have expressed a prior interest in receiving this type of
information for
non-profit research and educational purposes only.
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
"Always do sober what you said you'd do drunk. That will teach you to keep your mouth
shut."
--- Ernest Hemingway
<A HREF="http://www.ctrl.org/";>www.ctrl.org</A>
DECLARATION & DISCLAIMER
==========
CTRL is a discussion & informational exchange list. Proselytizing propagandic
screeds are unwelcomed. Substance—not soap-boxing—please! These are
sordid matters and 'conspiracy theory'—with its many half-truths, mis-
directions and outright frauds—is used politically by different groups with
major and minor effects spread throughout the spectrum of time and thought.
That being said, CTRLgives no endorsement to the validity of posts, and
always suggests to readers; be wary of what you read. CTRL gives no
credence to Holocaust denial and nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://peach.ease.lsoft.com/archives/ctrl.html
<A HREF="http://peach.ease.lsoft.com/archives/ctrl.html";>Archives of
[EMAIL PROTECTED]</A>
http:[EMAIL PROTECTED]/
<A HREF="http:[EMAIL PROTECTED]/";>ctrl</A>
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
