New Virus Hoaxes reported to Symantec
With the 'biggest computer virus incident ever' occurring at the beginning of the month, I'm sure you are aware of this worm, its payload and fixes, so I've included a small section and pointer to our extensive write-up on the web site. Interestingly, VBS.NewLove followed shortly after but had little success, I suspect because everybody was still on high alert after VBS.LoveLetter.
This month our feature article is by Carey Nachenburg; he takes a look at URL filtering and the issues to be considered when implementing such systems.
This month we've started using the new Threat Severity Assessment categorisation; this is the number in brackets after the virus name, and there's a description of the categories on our web site.
Stop Press - W97M.Melissa.BG [Moderate - 3]
O97M.Cybernet.A is a polymorphic macro virus that infects MS Word and MS Excel files. From an infected MS Word document, it does the following:
From an infected MS Excel spreadsheet, it does the following:
The mass-mailing payload is similar to that of W97M.Melissa.A. If it hasn't done so, it will email the infected document/spreadsheet to the first 50 addresses in every address list.
VBS.LoveLetter.A
SARC has currently identified 29 versions of this worm. The latest is VBS.LoveLetter.AC. Virus definitions dated May 5, 2000 detect and remove all of these known variants.
Users of Norton AntiVirus can protect themselves from all known versions of the VBS.LoveLetter worm by downloading the latest virus definitions through LiveUpdate or by going to our web site at http://www.sarc.com/
A tool to repair the VBS.LoveLetter infection, including all known versions, is available at http://www.sarc.com/. Microsoft has also released a patch for MS Outlook to protect against this type of threat.
by: Eric Chien
VBS.NewLove.A
SARC, in conjunction with other anti-virus vendors, has renamed this worm from VBS.LoveLetter.FW.A to VBS.NewLove.A.
VBS.NewLove.A is a worm that, once activated, spreads by sending itself to all addresses in the Outlook address book. The attachment name is randomly chosen, but will always have a .vbs extension. The subject header will begin with "FW: " and will include the name of the randomly chosen attachment (excluding the .vbs extension). Upon each infection, the worm introduces up to 10 new lines of randomly generated comments in order to prevent detection.
by Andy C
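The message traits described above for VBS.NewLove.A (an "FW: " subject that contains the name of a .vbs attachment minus its extension) can be checked at a mail gateway without relying on file content, which the worm changes on each infection. The following is an added example, not part of the original newsletter or any Symantec product; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def newlove_like_attachments(raw: bytes) -> list[str]:
    """Return .vbs attachment names whose stem also appears in an 'FW: ' subject."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    # Trait 1: the subject header begins with "FW: " (compared case-insensitively).
    if not subject.upper().startswith("FW: "):
        return []
    rest = subject[4:].lower()
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        # Trait 2: the attachment always carries a .vbs extension.
        if not name or not name.lower().endswith(".vbs"):
            continue
        stem = name[:-4].lower()
        # Trait 3: the subject includes the attachment name minus ".vbs".
        if stem and stem in rest:
            hits.append(name)
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message with an inert placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "recipient@example.invalid"
    m["Subject"] = subject
    m.set_content("Constructed sample body.")
    m.add_attachment(b"inert placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [
        ("FW: budget.xls", "budget.xls.vbs"),   # matches all three traits
        ("FW: meeting notes", "notes.txt"),     # forwarded mail, no script
        ("Login script", "login.vbs"),          # .vbs but not an "FW: " subject
        ("FW: hello", "unrelated.vbs"),         # stem absent from subject
    ]
    for subject, filename in samples:
        print(subject, "->", newlove_like_attachments(build_sample(subject, filename)))
```

Because the check keys on the subject/attachment relationship rather than the script body, the randomly generated comment lines do not affect it.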
A great deal of Internet surfing takes place in the workplace every day, making the workplace the world's largest Internet Service Provider (ISP). Most employees can access the Internet at work at much higher speeds than at home. But are they using it strictly for work?
In a joint 1999 survey by the FBI and the Computer Security Institute, 97% of companies reported insider abuse of Internet. In addition, 62% of registered hits to X-rated web sites occur during business hours (Elron corp.) - presumably on your company's time.
With the increasing use of Shockwave, Flash and other interactive media, many web sites are designed for high-speed connections. Aside from increased interactivity, temptations like the stock market, online gambling, pornography, and web newscasts are all equally tantalizing. In addition, users check their personal e-mail at least half a dozen times per day.
Not only do these uses of the Internet hinder a company's productivity, they lead to other negative consequences: creating legal liabilities, wasting corporate bandwidth, and increasing your organization's exposure to malicious software, such as viruses, Trojan horses, and worms.
In response to the dilemma of the workplace being the biggest ISP, companies must consider their policies. Some companies will wish to outright block access to "inappropriate" web sites while others will want to take a gentler approach. Internet proxy software is adept at filtering access to web sites and has flexible policies which can be configured based on the time of day, by user or group, and by type of content.
For example, these products can allow the administrator to set policies like "All users in the finance group should be blocked from the following types of web-sites: pornography, gambling and stock trading - from 8am till 5pm, except on weekends." Once provided with such a policy, the Internet proxy can enforce your Internet surfing guidelines without further maintenance.
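The finance-group policy quoted above, written out as a rule a proxy could evaluate per request. This is an added example and not code from any proxy product; the host-to-category table, the `Rule` class and `decide` are constructed for illustration, and two points the policy sentence leaves open are treated as assumptions: the 5pm boundary is exclusive and uncategorised hosts are allowed.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed host-to-category table; a real proxy takes this from a category list.
CATEGORIES = {
    "casino.example": "gambling",
    "broker.example": "stock trading",
    "news.example": "news",
}


@dataclass(frozen=True)
class Rule:
    group: str
    categories: frozenset
    start: time
    end: time
    skip_weekends: bool = True

    def blocks(self, groups, category, when: datetime) -> bool:
        # The rule applies only to its group and its listed content types.
        if self.group not in groups or category not in self.categories:
            return False
        if self.skip_weekends and when.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
            return False
        # Assumption: half-open window, so 08:00 is blocked and 17:00 is not.
        return self.start <= when.time() < self.end


# "finance group ... pornography, gambling and stock trading ... 8am till 5pm,
# except on weekends"
FINANCE_RULE = Rule(
    group="finance",
    categories=frozenset({"pornography", "gambling", "stock trading"}),
    start=time(8),
    end=time(17),
)


def decide(groups, host, when, rules=(FINANCE_RULE,)) -> str:
    """Return 'block' or 'allow' for one request by a user in `groups`."""
    category = CATEGORIES.get(host.lower())  # None for uncategorised hosts
    if any(rule.blocks(groups, category, when) for rule in rules):
        return "block"
    return "allow"


if __name__ == "__main__":
    monday_10am = datetime(2000, 5, 15, 10, 0)
    saturday_10am = datetime(2000, 5, 20, 10, 0)
    print(decide({"finance"}, "casino.example", monday_10am))    # inside the window
    print(decide({"finance"}, "casino.example", saturday_10am))  # weekend exception
```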
Alternatively, corporations can merely use Internet proxy software to monitor the company usage of the Internet. For example, an administrator could use the software to generate a report of the top ten visited sites each week during business hours. This information could then be sent to employees to provide awareness as to the current use of the Internet. If an employee sees that they are surfing to one of those top ten web sites and they know that site is inappropriate, they may reevaluate their surfing habits.
Like any new technology, the Internet is becoming an indispensable work tool in the corporation, but it also has some drawbacks. Specifically, when improperly used, it can be a productivity drain and increase the corporation's exposure to both work-related liabilities and malicious computer software. Consequently, corporations should examine their Internet usage policies and consider deploying tools to help manage Internet usage.
by Carey Nachenburg
SARC Glossary, what's the definition of a virus, trojan and worm?
Correspondence by email to: email@example.com, no unsubscribe or support emails please.
Send virus samples to: firstname.lastname@example.org
Newsletter Archive: http://www.symantec.com/avcenter/sarcnewsletters.html
To Subscribe and Unsubscribe
To be added or removed from the subscription mailing list, please fill out the form available on the SARC website at: http://www.symantec.com/help/subscribe.html
SARC AntiVirus News Update is published periodically by Symantec Corporation. No reprint without permission in writing, in advance.
All information contained in this newsletter is accurate and valid as of the date of issue.
Copyright © 1996-1999 Symantec Corporation. All rights reserved.