B
BigBoy
The following virus has been reported - sourcing in the UK.
Email Message: Pleeeeeeease read!!!! it was on the news
Virus: W32.1nstaK1LL.23.6
Creation date: 2004-12-17 03:45:12.43 GMT
Severity: High
Description: The "InstaKill" virus propagates through email attachments
and in forwarded email messages. Upon infection, the host computer
opens a port in a range specified within the virus code, enabling other
executable software to be downloaded and installed without the user's
knowledge. The virus then searches for Word documents, initially
looking within any directories containing the words "Private",
"Confidential" or "Personal", and also looking for any documents which
appear to contain bank or other financial information. It sends
financial documents by File Transfer Protocol (FTP) to a central
(infected) computer which is periodically scanned for this information.
It also attaches itself to a random Word document as a macro and emails
itself to all contacts within the infected computer user's Outlook,
Novell Groupwise or Palm Desktop address books. The email subject line
is a random text string from the infected document.
Patch: Because of the evolving nature of this virus, there is no patch
currently available.
Action:
1. Do not open Word documents with macros enabled, even from sources
you usually trust, without first verifying the contents and purpose of
file.
2. Prevention is currently better than cure - forward this virus
warning to your contacts to remain vigilant. Send only plain text
messages - do not send attachments.
3. Update your virus software daily as a patch will likely be
forthcoming.
4. There is a UK hotline for information on this virus. Call +44 1252
323625 (24 hours a day) for the latest information on this virus
threat.
Email Message: Pleeeeeeease read!!!! it was on the news
Virus: W32.1nstaK1LL.23.6
Creation date: 2004-12-17 03:45:12.43 GMT
Severity: High
Description: The "InstaKill" virus propagates through email attachments
and in forwarded email messages. Upon infection, the host computer
opens a port in a range specified within the virus code, enabling other
executable software to be downloaded and installed without the user's
knowledge. The virus then searches for Word documents, initially
looking within any directories containing the words "Private",
"Confidential" or "Personal", and also looking for any documents which
appear to contain bank or other financial information. It sends
financial documents by File Transfer Protocol (FTP) to a central
(infected) computer which is periodically scanned for this information.
It also attaches itself to a random Word document as a macro and emails
itself to all contacts within the infected computer user's Outlook,
Novell Groupwise or Palm Desktop address books. The email subject line
is a random text string from the infected document.
Patch: Because of the evolving nature of this virus, there is no patch
currently available.
Action:
1. Do not open Word documents with macros enabled, even from sources
you usually trust, without first verifying the contents and purpose of
file.
2. Prevention is currently better than cure - forward this virus
warning to your contacts to remain vigilant. Send only plain text
messages - do not send attachments.
3. Update your virus software daily as a patch will likely be
forthcoming.
4. There is a UK hotline for information on this virus. Call +44 1252
323625 (24 hours a day) for the latest information on this virus
threat.