Exactly what we do - hence I don't have to leap to action on this one. :) Aloha,
-Ben- Ben M. Schorr, MVP-Outlook, CNA, MCPx3 Director of Information Services Damon Key Leong Kupchak Hastert http://www.hawaiilawyer.com > -----Original Message----- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 04, 2002 9:29 AM > To: Exchange Discussions > Subject: RE: New Virus ShakerWorld variant? > > > Better yet, block all .EXE files. > > -----Original Message----- > From: Ben Schorr [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 04, 2002 11:31 AM > To: Exchange Discussions > Subject: RE: New Virus ShakerWorld variant? > > > What about the "shake.exe" file indicated in the message? > > Aloha, > > -Ben- > Ben M. Schorr, MVP-Outlook, CNA, MCPx3 > Director of Information Services > Damon Key Leong Kupchak Hastert > http://www.hawaiilawyer.com > > > > -----Original Message----- > > From: Pfefferkorn, Pete (PFEFFEPE) [mailto:[EMAIL PROTECTED]] > > Sent: Friday, January 04, 2002 9:19 AM > > To: Exchange Discussions > > Subject: New Virus ShakerWorld variant? > > > > > > I just got a message from OAR.NET referring to a virus > alert. Still > > trying to find out more about it, but I thought I would > post this just > > in case. Trying to find out more on this one to see if there is an > > attachment I can block. > > > > > > From: Jodi Santini [mailto:[EMAIL PROTECTED]] > > Sent: Friday, January 04, 2002 1:07 PM > > To: [EMAIL PROTECTED] > > Subject: Virus Alert - W32/ShakerWorld > > > > > > Posted on notice.oar.net 1/4/02: > > > > Virus Alert: > > > > There is a variation of the W32/ShakerWorld virus making its way > > around the Internet. We are have not found information on > this virus > > at Symantec or CERT yet, but this what we have learned thus > far from > > our internal security folks which you will want to watch out for on > > your networks: > > > > o Random 8 char. file in the System directory > > o Shake.exe in email (MassMailer) > > o NetBIOS connections spreading virus to servers > > o Registry entry 'sysinfo' under the run statement. Note that we are > > seeing variants in the name of the key sysinfo<random chars> > > > > People who have been hit have gotten this virus thorugh > email. This > > virus can install a key in the registry of the infected systems. > > > > This is the information we have received at this time. > > > > Thank You, > > > > Jodi > > > > > > > > Pete Pfefferkorn > > Senior Systems Engineer/Mail Administrator > > University of Cincinnati > > 51 Goodman Street > > Cincinnati, OH 45221 > > Phone - (513) 556-9076 > > Fax - (513) 556-2042 > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]