

Archive: December 2001 ml@sikurezza.org
Subject: Double virus!
From: Raistlin
Date: 20 Dec 2001 09:31:46 -0000
Title: REEEZAK WORM ALERT
URL: http://www.infoworld.com/articles/hn/xml/01/12/19/011219hnreeezak.xml?1219alert
Location: * VIRUS ALERTS - MEDIUM TO HIGH RISK ASSESSMENT

Description:
A NEW MASS-MAILER worm that offers New Year's greetings
and what appears to be a holiday-related animation,
but actually attempts to delete large portions of the
Windows operating system, is spreading in the United
States and Europe Wednesday, according to Computer
Associates International. Posted December 19, 2001 11:37 AM USA Time

Title: VIRUS ALERT - VB Script Worm
URL: http://www.sophos.com/virusinfo/analyses/vbsdismisseda.html
Location: * VIRUS ALERTS - MEDIUM TO HIGH RISK ASSESSMENT

Description:
VBS/Dismissed-A is a virus which was initially found on a page pointed to by
W32/Zacker-C worm.

The virus spreads using network shares and attempts to spread
using mIRC.

If the page is loaded using a vulnerable Internet Explorer, the
JavaScript code on the page drops and runs the file rol.vbs. The
dropped VBS file then sets the Internet Explorer home page to
point to "www.orst.edu/groups/msa/everwonder.swf".

It then attempts to delete a number of anti-virus product related
files and directories.

The virus copies itself to all files with extensions "LNK",
"ZIP", "JPG", "JPEG", "MPG", "MPEG", "DOC", "XLS", "MDB", "TXT",
"PPT", "PPS", "RAM", "RM", "MP3", "MDB" and "SWF" and adds
extension "VBS" to the filename.

It also searches for files with "HTM", "HTML" and "ASP"
extension and adds a line with code which will attempt to
connect to a web page which contains VBS/Dismissed-B virus every
time the infected file is opened.

Finally, the virus displays a message box and attempts to
shut down Windows.
No information on the "look and feel" available yet.  Only one infection
reported yet.  However, due to its ability to replace files we consider this
a medium to high risk.  Updates will be provided when available.




________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List
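
A triage sketch for the file-renaming behaviour described in the VBS/Dismissed-A alert above, added here as an example and not part of the original message or the Sophos analysis. It assumes "adds extension VBS" produces names such as report.doc.vbs; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Extensions listed in the alert (the duplicated "MDB" collapses in the set).
CARRIER_EXTS = {"lnk", "zip", "jpg", "jpeg", "mpg", "mpeg", "doc", "xls", "mdb",
                "txt", "ppt", "pps", "ram", "rm", "mp3", "swf"}
DROPPED_NAME = "rol.vbs"  # file the alert says the web page drops and runs


def classify(filename):
    """Return a reason string if the name fits the described pattern, else None."""
    lower = filename.lower()
    if lower == DROPPED_NAME:
        return "dropped-script-name"
    parts = lower.rsplit(".", 2)
    # Assumption: the appended extension yields <name>.<listed ext>.vbs
    if len(parts) == 3 and parts[0] and parts[2] == "vbs" and parts[1] in CARRIER_EXTS:
        return "carrier-extension-plus-vbs"
    return None


def scan(root):
    """Walk root and return sorted (relative_path, reason) pairs for flagged files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            reason = classify(name)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append((rel.replace(os.sep, "/"), reason))
    return sorted(hits)


def demo():
    """Build a constructed directory tree (sample data only) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ["docs/budget.XLS.vbs", "docs/notes.txt", "song.mp3.VBS",
                    "rol.vbs", "login.vbs", "archive.tar.vbs"]:
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("constructed sample\n")
        return scan(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:28} {path}")
```

A hit is only a lead for manual review: legitimate scripts can carry such names, and ordinary single-extension .vbs files are deliberately not flagged.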



