-Caveat Lector- ------- Start of forwarded message -------
General The details of the new trojan variant are as follows: Trojan name: W32/WineVar.A-mm Number of copies seen so far: 264 Time & Date first Captured: 22 Nov 2002, 08:55 GMT Origin of first intercepted copy: South Korea Number of countries seen active: 9 Top three most active countries: South Korea, UK, Russia Technical Details W32/WineVar.A-mm appears to add .CEO to the list of executable files. This means that if you do not completely clean up after this virus, the writer may be able to get you next time (because .CEO will not be on your list of known executable files. The virus utilizes the well-known MS01-020 vulnerability, and also exploits the com.ms.activeX.ActiveXComponent weakness. In copies that we have seen so far, an example of the e-mail is as follows: Subject: Re: AVAR (Association of Anti-Virus Asia Reseachers) Body: (None) Attachments: WIN(hex number).TXT (12.6 KB) MUSIC_1.HTM WIN(hex number).pif WIN(hex number).GIF (120 bytes) MUSIC_2.CEO Comment Skeptic™ detected W32/WineVar.A-mm heuristically. No MessageLabs customers were affected. Further information may be found at the MessageLabs website at: www.MessageLabs.com/VirusEye This email was sent to you because you subscribe to MessageLabs' Virus Alert service. You can cancel your subscription on the MessageLabs website at http://www.messagelabs.com/AlertUnsubscribe MessageLabs is a leading provider of Internet-level managed email security services. Through its SkyScan portfolio of services, MessageLabs customers are protected from email-borne threats such as viruses, unsolicited mail and pornographic material, before such content comes anywhere near their network boundaries. ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs SkyScan service. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ -------- End of forwarded message -------- From ~~~~~~~~~~~~~~~ A<>E<>R + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Forwarded as information only; I don't believe everything I read or send (but that doesn't stop me from considering it; obviously SOMEBODY thinks it's important) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + In accordance with Title 17 U.S.C. section 107, this material is distributed without charge or profit to those who have expressed a prior interest in receiving this type of information for non-profit research and educational purposes only. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + "Always do sober what you said you'd do drunk. That will teach you to keep your mouth shut." --- Ernest Hemingway <A HREF="http://www.ctrl.org/">www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om