[esa-l] Email viruses/trojans alert

John D. Hardin jhardin at wolfenet.com
Sun Oct 31 18:39:17 PST 1999 

The sanitizer has been updated to include the new executable extension
".SHS" as described in the advisory referenced below. Please update
your copy of the sanitizer. The current release is 1.93 and is
available via:

 ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html

Please add the filespec "*.SHS" to your poisoned executables list. The
poisoned executables list is not case-sensitive.

The sanitizer *should* protect against the Corner virus, but as I have
not seen the virus code I cannot guarantee it. If anybody has a sample
of it I would appreciate a copy.

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Mary had a little key
  she kept it in escrow
  and everything that Mary sent
  the feds were sure to know         -- Andy Starritt, in sci.crypt
-----------------------------------------------------------------------
   Today: Halloween and Daylight Savings Time ends


---------- Forwarded message [ABRIDGED] ----------
Date: Sun, 31 Oct 1999 09:20:56 -0800
From: Jim Reavis <jreavis at securityportal.com>
To: SECURITYPORTAL-L at LISTSERV.SECURITYPORTAL.COM
Subject: SecurityPortal.com -- November 1, 1999

******* Top News *******
November 1, 1999
Welcome to SecurityPortal.com -  The focal point for security on the Net.

Recent postings in our top news
<http://www.securityportal.com/framesettopnews.html> :

Oct 29, 1999
Finjan Alert: Microsoft Office Scrap File Exploit
<http://www.finjan.com/attack_release_detail.cfm?attack_release_id=18> -
Microsoft Office applications can be used to create "scrap" files that hide
executable programs or other content. Windows always hides the .SHS file
extension, so a different file extension can be used (e.g., JPEG, GIF, .TXT)
to make a program appear to be a harmless file type. Essentially, this gives
a person with malicious intent the ability to create Trojan executable
programs that the majority of people will open without hesitation

Data Fellows: First macro virus for MS Project found
<http://www.data-fellows.com/v-descs/corner.htm>  - Corner is the first
macro virus to infect Microsoft Project application. This virus infects both
Project and Word and can travel between them. When an infected document is
opened to Microsoft Word 97 or 2000, P98M/Corner.A checks if Microsoft
Project is running. If it is, it gets infected

Jim Reavis
SecurityPortal.com - The focal point for security on the Net
jreavis at SecurityPortal.com <mailto:jreavis at SecurityPortal.com>




--------------------------------------------------------------------------
To remove yourself from the Email-Security-Announce list, send a message
with the subject of "unsubscribe" to esa-l-request at spconnect.com.

More information about the esd-l mailing list