Sybari Reports Virus in the Wild; Shockwave.A Trojan.

Business Editors/High-Tech Writer

E.NORTHPORT, N.Y.--(BUSINESS WIRE)--Nov. 30, 2000

No Reported Outbreaks Amongst Antigen Users

Sybari Software, Inc., the premier antivirus and security specialist for groupware solutions, reports on another Internet worm virus in the wild, "Shockwave.A Trojan". This is an Internet worm that leverages MAPI to send itself as an attachment to all addresses found in a Microsoft Outlook address book. With the recent rash of viruses reported this week, Sybari recommends that, if sending executables is not part of your day-to-day business, you set the Antigen File Filter (AFF) to quarantine all .exe files.

"Having the file filtering capability within Antigen is key when viruses such as these hit," said Tom Buoniello, vice president of product management, Sybari Software, Inc. "While many network administrators are struggling trying to locate the latest virus definitions, those using Antigen only have to set the AFF (Antigen File Filter) to scan and quarantine all .exe files."

The Antigen Attachment Filter (AAF) enables you to filter email attachments by filename, with wild cards, or by file type. This unique feature will delete and/or quarantine file attachments that meet the filter criteria in messages entering or exiting the Microsoft Exchange environment. Attachments may be scanned by actual name (such as Melissa or Worm), or by file type (.exe). If files are sent in a ZIP archive, the AAF will scan each separate file enclosed in the archive. Once a matching file is detected, the AAF will automatically delete or quarantine it, depending on the criteria specified by the administrator. The intended recipient will then receive a notification within their message alerting them that the file was deleted or quarantined. If a file is quarantined, a copy will be kept and may be opened by the administrator. The administrator also has the option to forward the quarantined attachment to the intended recipient after it has been reviewed.
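An added example (not Sybari's or Antigen's code) of the filtering logic described above: attachment names are matched against wildcard rules, and the members of a ZIP attachment are checked one by one. The rule list, the function names and the sample message are constructed for illustration.

```python
import fnmatch, io, zipfile
from email import message_from_bytes
from email.message import EmailMessage

RULES = ["creative.exe", "*.exe"]  # one exact name, one file-type wildcard

def matches(name):
    """Return the first rule the file's base name matches (case-insensitive)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return next((r for r in RULES if fnmatch.fnmatchcase(base, r)), None)

def scan_message(raw):
    """Return (attachment, zip_member_or_None, rule) for every filter hit."""
    hits = []
    for part in message_from_bytes(raw).walk():
        fname = part.get_filename()
        if not fname:
            continue  # body text and multipart containers carry no filename
        payload = part.get_payload(decode=True) or b""
        names = [None]  # None stands for the attachment itself
        if zipfile.is_zipfile(io.BytesIO(payload)):
            names += zipfile.ZipFile(io.BytesIO(payload)).namelist()
        for member in names:
            rule = matches(member or fname)
            if rule:
                hits.append((fname, member, rule))
    return hits

def zip_bytes(members):
    """Build an in-memory ZIP from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_sample(attachments):
    """Constructed test message carrying the given {filename: bytes}."""
    msg = EmailMessage()
    msg["Subject"] = "A Great Shockwave Flash Movie"
    msg.set_content("constructed sample body")
    for name, data in attachments.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    archive = zip_bytes({"a.jpg": b"x", "sub/Setup.ExE": b"MZ"})
    for hit in scan_message(build_sample({"CREATIVE.EXE": b"MZ", "photos.zip": archive})):
        print("quarantine:", hit)
```

This example checks declared file names only and does not recurse into archives nested inside a ZIP.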
POSTED ALERT
Virus Name: SHOCKWAVE.A Trojan
Alias: TROJ_SHOCKWAVE.A, NEW BACKDOOR
E-mail Subject: "A Great Shockwave Flash Movie"
E-mail Body: "Check out his new flash movie that I download just now...It's Great"
E-mail Attachments: CREATIVE.EXE

When "CREATIVE.EXE" is executed, it copies itself to C:\CREATIVE.EXE. It also copies itself into the Windows Startup as CREATIVE.EXE. It then creates a file, Messageforu.txt, which lists all the modifications made by CREATIVE.EXE. CREATIVE.EXE searches for JPG and ZIP files on the local system and moves them to the system root directory. They are then renamed to contain "Change at least now to LINUX". You can rename the files back, since the renamed files are not damaged. Their original locations are found in Messageforu.txt.

Messageforu.txt will also contain the following:

"Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. I could have done far better damage; I could have even completely wiped your hard disk. Remember this is a warning & get it sound and clear... - The Penguin"

Sybari Software is currently working with our AV vendors for a confirmation on a solution. For now, please include a filter rule for the following file: CREATIVE.EXE. Or, if transferring executables is not part of your day-to-day business, Sybari recommends creating a filter rule for all .exe files. Currently Sybari has not reported any outbreaks. To protect your environment from this new variant, visit the Sybari website at: http://www.sybari.com.

ABOUT ANTIGEN

Antigen for Exchange and Notes is currently shipping. Antigen is available as a two-year renewable license based on the number of users protected within an organization. Pricing is discounted by volume with a per user range of $25-$10 per user. Sybari offers additional pricing and support options as "trade-up" pricing for products from vendors such as Network Associates (NASDAQ:NETA), Symantec (NASDAQ:SYMC) and Trend Micro (NASDAQ:TMIC). For more information on Antigen and its more complex features, please visit the Sybari website at http://www.sybari.com or send an email to info@sybari.com.

ABOUT SYBARI

Since 1995, Sybari has been investigating and providing solutions for groupware-based viruses and security threats. Today, over four million groupware seats are virus-free as a result of Sybari's Antigen technology. Sybari produces Antigen for Notes and Antigen for Exchange, which is distributed in more than 50 countries through their worldwide offices and distribution network. Sybari is headquartered in E.Northport, New York, with its International headquarters in Madrid, Spain. Sybari's clients include IBM, Dell, Compaq, Merrill Lynch, JD Power, Amazon, Nortel, Visa, Tosco, Lufthansa, US Federal Government, Union Pacific, Wang Global/Getronics and Texaco. Evaluation copies of Antigen for Notes or Exchange are available for download from the Sybari Web site--http://www.sybari.com.

Sybari's many strategic partners include Lotus Development (NYSE:IBM), Microsoft (Nasdaq:MSFT), Computer Associates (NYSE:CA), Compaq (NYSE:CPQ) and Sun Microsystems (Nasdaq:SUNW). Other products and company names mentioned herein may be trademarks of their respective owners.