VIRUS WARNING: MESSAGE ON LISTSERV CONTAINS A VIRUS

Subject: VIRUS WARNING: MESSAGE ON LISTSERV CONTAINS A VIRUS
From: j l saba <jlsaba at capu dot net>
Date: Tue, 27 Mar 2001 18:41:09 -0500

My antivirus software trapped a virus when I opened a message on the
listserv this afternoon.

The message is from Alan S Condie, with subject "birding spotting
scopes." I didn't check, but it is possible it is also attached to the
reply message sent by Ann Neville.

This virus will install itself as soon as you read the message if your
mailer can handle HTML files. Otherwise, it will be converted to an
attachment. 

The virus name is JS.kakworm.G. It appears to be a variant of the
Wscript.Kak.worm. The following is from the Symantec web page:

               Wscript.KakWorm is a worm. It spreads using Microsoft
               Outlook Express. The worm attaches itself to all outgoing
               messages using the Signature feature of Outlook Express.
               Signatures enable you to automatically append information
               at the end of all outgoing messages.

               This worm uses three files to deliver its payload. The
file
               extensions are:

                   .hta
                   .reg 
                   .bat

               The message that contains this worm is written in an
               HTML format that supports scripting. It uses a security
hole
               in Microsoft Outlook/Outlook Express that is known as
               "Scriptlet TypeLib," and it places a shortcut to an .hta
file in
               the StartUp folder. The next time the computer is
restarted,
               the .hta file is run.

For more information, see

http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html


Jack Saba

- -- 
Jack and Julie Saba
Berwyn Heights, Prince George's County, MD
jlsaba@capu.net
- -------------------------------------------
Save the rainforests:   http://www.therainforestsite.com
                        http://rainforest.care2.com
Save forests in the US: http://www.webreleaf.com
Feed the hungry:        http://www.thehungersite.com
========================================================================
 Send submissions to . . . . . . . . . . . . . .  birdnet@utahbirds.org
 Send replies to . . . . . . . . . . . . . . . .  birdnet@utahbirds.org
   or to the original poster indicated in the From: line of the post
 Send (un)subscribe requests to  . . . .  birdnet-request@utahbirds.org
   In message body: type "subscribe" (without quotes) to subscribe
   In message body: type "unsubscribe" (without quotes) to unsubscribe
 Send problem reports to . . . . . . . . .  owner-birdnet@utahbirds.org
 Visit the Utah Birds web site at  . . . . .   http://www.utahbirds.org

------------------------------

Prev by Date: European Goldfinch Update
Next by Date: European Goldfinch
Index(es):
- Date