[esa-l] Email worm warnings (FYI, no updates needed)

John D. Hardin jhardin at wolfenet.com
Sun Oct 17 17:47:01 PDT 1999

The current version of the sanitizer (1.92) should defend against all
of these attacks. No new poisoned executables are indicated.

Too bad Hotmail doesn't seem to be using it. Maybe somebody ought to 
suggest it to them... :)

 John Hardin KA7OHZ         ICQ#15735746          jhardin at wolfenet.com
 pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
  Mary had a little key
  she kept it in escrow
  and everything that Mary sent
  the feds were sure to know         -- Andy Starritt, in sci.crypt
   14 days until Halloween and Daylight Savings Time ends

---------- Forwarded message [ABRIDGED] ----------
Date: Sun, 17 Oct 1999 08:39:32 -0700
From: Jim Reavis <jreavis at securityportal.com>
Subject: SecurityPortal.com -- October 18, 1999

******* Top News *******
October 18, 1999
Welcome to SecurityPortal.com -  The focal point for security on the Net.


Recent postings in our top news
<http://www.securityportal.com/framesettopnews.html> :

Oct 16, 1999
TechWeb: Hotmail Still In Virus Hot Seat
<http://techweb.com/wire/story/TWB19991015S0016>  - Hotmail still leaks up
to 56 of the Internet's most virulent viruses, despite Microsoft's claim
that it had patched security at the trouble-prone e-mail service, according
to anti-virus experts. Article claims Microsoft contracted Network
Associates to write a Melissa-capable McAfee scanner for FreeBSD, the
current Hotmail platform, this summer

Microsoft Bulletin: IFRAME ExecCommand Vulnerability
<http://securityportal.com/topnews/ms99-042upd.html>  - a patch is now
available for the latest Microsoft Internet Explorer 5 and 4.01
vulnerability found by Georgi Guninski. See Oct 12 Top News

InfoWorld: Melissa spawns deadly offspring
<http://www.infoworld.com/cgi-bin/displayStory.pl?991013.iimelissa.htm> -
The Melissa virus continues to be the virus that will not die, as two new,
much more destructive Melissa variants have been discovered and are
spreading across the world via e-mail. See Oct 12 and 13 Top News for more
info about Melissa.U and Melissa.V

NAI Virus Alert: W97M/Melissa.v  <http://vil.nai.com/vil/vm10386.asp> -
virus has subject line "My Pictures", it attempts to delete files and
directories in the root of mapped drives

Microsoft Bulletin: Browser IFRAME ExecCommand Vulnerability
<http://securityportal.com/topnews/ms99-042.html>  - a vulnerability exists
in the active scripting in Internet Explorer 5 which could allow a malicious
web site operator to read local files. A patch is not available and
Microsoft recommends disabling active scripting for the Internet Zone

Sophos identifies new Melissa virus variant
<http://www.sophos.com/downloads/ide/index.html#melissau>  - This macro
virus is similar to the original Melissa macro virus. It is both MAPI and
Outlook aware and forwards itself to all addresses in Outlook's address
book. The virus also tries to delete the files IO.SYS, COMMAND.COM,
NTDETECT.COM and SUHDLOG.DAT in the root directory of the C: and D: drives


Jim Reavis
SecurityPortal.com - The focal point for security on the Net
jreavis at SecurityPortal.com <mailto:jreavis at SecurityPortal.com>

To remove yourself from the Email-Security-Announce list, send a message
with the subject of "unsubscribe" to esa-l-request at spconnect.com.

More information about the esd-l mailing list