[CLUE-Tech] Fwd: New Linux Site
Jeffery Cann
jccann at home.com
Wed Apr 11 23:11:59 MDT 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
FYI
- ---------- Forwarded Message ----------
Subject: New Linux Site
Date: Tue, 10 Apr 2001 21:48:38 -0500
From: "Chuck Renno" <crenno at kchost.com>
To: <president at clue.denver.co.us>
Redhatchat.com is the Red Hat Community's newest FREE message board. Our goal
is to create a place where Red Hat users and newbies can meet and express
their opinion or find the answer to a problem. We recognize that LUGs are a
solid base of the community and we invite your members to visit and
contribute to this site dedicated to helping the Linux community.
While the name of the site invites Red Hat users the site caters to all
flavors of Linux. Coming soon are other Linux sites and added features to
the message board like IRC links.
Please visit redhatchat.com and add a link or banner to your LUG site. We are
actively seeking moderators and would like suggestions and input on how to
make the site better. Also please send us a link to your site. Right now we
are relying on Linux User Groups World Wide to manage a good reference site
for LUGS. Our site hopes to bring more exposure to good LUG sites.
There is no advertising on the site and the board is absolutely free! This
site can become whatever the community asks for.
Your help is greatly appreciated. We realize that we are latecomers to the
Internet Linux community but in real life we are a group of ISP worker bees
that have been using Linux as our main server for over a year. If it were
not for the open source community we could not exist and this is our way of
contributing.
Enclosed is a banner and button for your site.
Thanks again,
Chuck Renno
crenno at redhatchat.com
- -------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjrVOSIACgkQw3/GBQk72kDpjACeOdFWwVrJMzxb9P1IpJkRqXYk
NM8AoJsh52nW2ZS7YlDwtWCMPkCqcxkC
=ULgc
-----END PGP SIGNATURE-----
Subject: [CLUE-Tech] [Fwd: SARC April 2001 Newsletter]
From: "William C. Phye" <bbccp at 4dv.net>
Date: Wed, 11 Apr 2001 22:49:53 -0600
To: CLUE <clue-tech at clue.denver.co.us>
Hello.
During the April Meeting, there was some discussion regarding the current
number of known viruses [platform unspecified]. As of April 10, 2001,
Norton Anti Virus is protecting against 49,082 viruses.
For the uninitiated, I have attached SARC April 2001 Newsletter. A
'Find In Message' search [on Newsletter] for Linux returned no hits.
Which is curious, because Symantec is busting its butt to complete
Linux Anti Virus shrink-wrap product.
As we know there are Linux viruses, it is curious Symantec doesn't
'track' them. I wonder how many Linux viruses there are? Does anyone
know?
Thanks,
Bill
PS
Watch for All-Linux.org.
Good night
From: David Banes <SARC at symantec.com>
Subject: SARC April 2001 Newsletter
Date: Wed, 11 Apr 2001 20:10:07 -0700
To: SARC-HTML-L at lserver.symantec.com
--------------------------------------------------------------------------
Symantec AntiVirus Research Centre    ISSN 1444-9994
April 2001 Newsletter
--------------------------------------------------------------------------
Those of you that follow the threats listed in the sidebar would have
noticed that there's been a fairly big shake up over the last month.
W32.Magistr.24876@mm moved up to level 4 (Severe) because we have seen a
sharp rise in the number of reported incidents of this worm and virus
hybrid. FunLove has returned to the Asia Pacific top ten and others have
either dropped out of the listings or appear for the first time.

We usually get increased levels of virus and worm activity around Easter
time and I expect this year to be no different, let's just hope that we
don't see another Melissa or LoveLetter level incident. VBS worms are very
common and still pose a major threat to many organisations and individuals
alike. Symantec recently released a script blocking feature in our consumer
product NAV 2001 v7.07 and I asked the lead developer Mark Kennedy to write a
short article on this for us.

David Banes,
Editor, sarc at symantec.com
--------------------------------------------------------------------------
--------------------------------------------------------------------------
These are the most reported Viruses, Trojans and Worms to SARC's offices
during the last month.
Top Threats
W95.Hybris - www.sarc.com/avcenter/venc/data/w95.hybris.gen.html
W95.MTX - www.sarc.com/avcenter/venc/data/w95.mtx.html
Wscript.KakWorm - www.sarc.com/avcenter/venc/data/wscript.kakworm.html
W32.HLLW.Bymer - www.sarc.com/avcenter/venc/data/w32.hllw.bymer.html
VBS.SST@mm - www.symantec.com/avcenter/venc/data/vbs.sst@mm.html
VBS.LoveLetter - www.sarc.com/avcenter/venc/data/vbs.loveletter.a.html
W32.Navidad.16896 - www.sarc.com/avcenter/venc/data/w32.navidad.16896.html
Happy99.Worm - www.symantec.com/avcenter/venc/data/happy99.worm.html
W32.Magistr.24876@mm - www.sarc.com/avcenter/venc/data/w32.magistr.24876@mm.html
VBS.Vbswg.gen - www.symantec.com/avcenter/venc/data/vbs.vbswg.gen.html
JS.Seeker - www.sarc.com/avcenter/venc/data/js.seeker.html
VBS.SST@mm - www.symantec.com/avcenter/venc/data/vbs.sst@mm.html
--------------------------------------------------------------------------
Worms
--------------------------------------------------------------------------
VBS.Pleh.A@mm    Medium [3]    Script

VBS.Pleh.A@mm sends itself to email addresses in the Microsoft Outlook
address book. It overwrites files on local and remote drives, including
files with the extensions .mp3, .pwd, .exe, .mp2, .doc, .avi, .mpeg, or
.htm. The contents of these files are replaced with the source code of the
worm, destroying the original contents.

Removing this worm is complicated; please visit the web page linked to
below for detailed instructions.
http://www.sarc.com/avcenter/venc/data/vbs.pleh.a@mm.html
by: Douglas Knowles
SARC, USA
--------------------------------------------------------------------------
VBS.Futonik.A@mm    Low [2]    Script

VBS.Futonik.A@mm sends itself to email addresses in the Microsoft Outlook
address book. It overwrites files on local and remote drives, including
files with the extensions .vbs, .vbe, .js, .txt, .bmp, .htm, .html, .gif,
.jpg, and .htt. The contents of most of these files are replaced with the
source code of the worm, destroying the original contents.

NOTE: Due to a bug in the virus code, in some cases files with the
extensions .hta, .htt, .htm, .html, or .asp will be infected by the worm,
instead of being overwritten. If this happens, the viral code will execute
prior to executing the original file.

VBS.Futonik.A@mm also infects the Microsoft Word global template,
Normal.dot.
http://www.sarc.com/avcenter/venc/data/vbs.futonik.a@mm.html
by: Douglas Knowles
SARC, USA
--------------------------------------------------------------------------
Viruses
--------------------------------------------------------------------------
BW.770.B    Minimal [1]    DOS

BW.770.B is a virus that infects DOS .exe and .com files. It is 770 bytes
in size, and it appears to have been created with the "Biological Warfare"
virus creation kit. The virus appears to have been modified manually after
being created with the kit. BW.770.B can be inserted on your system by the
"futs" hackers tool.

NOTE: This virus was previously detected as Bloodhound.Filestring. All
viruses that can be created with the Biological Warfare virus creation kit
will be detected by Norton AntiVirus.
http://www.sarc.com/avcenter/venc/data/bw.770.b.html
by: Neal Hindocha
SARC, EMEA
--------------------------------------------------------------------------
Trojans
--------------------------------------------------------------------------
JS.StartPage    Minimal [1]    Script

JS.StartPage is a Trojan horse program, which alters the default home page
of Microsoft Internet Explorer. It sometimes arrives as a file with the
.hta extension. This file is an HTML application, and it runs only if the
Windows Scripting Host is installed.

When JS.StartPage is executed, it makes changes to the following registry
key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

To remove this Trojan:
1. Run LiveUpdate to make sure that you have the most recent virus
   definitions.
2. Start Norton AntiVirus (NAV), and run a full system scan, making sure
   that NAV is set to scan all files.
3. Delete any files detected as JS.StartPage.
4. Start Internet Explorer, and reset the home page to one of your
   preference.
http://www.sarc.com/avcenter/venc/data/js.startpage.html
by: Serghei Sevcenco
SARC, APAC
--------------------------------------------------------------------------
Visit The Symantec Enterprise Security Web Site
--------------------------------------------------------------------------
Visit the Symantec Enterprise Security web site;
http://enterprisesecurity.symantec.com/

Recent headlines include:

Cyber Terror Threatens UK's Biggest Companies; The Guardian (London)
http://enterprisesecurity.symantec.com/content.cfm?articleid=676

U.S. Legislature Eyes Cybersecurity - Effort Aims to Boost Public Trust
in Internet; Computerworld
http://enterprisesecurity.symantec.com/content.cfm?articleid=677

Denial-of-Service attacks are becoming more common, and your Web site
could be a target. Find out what you can do to stay protected in our
latest feature article, "Ten Steps to Protect Your Enterprise from DoS
Attacks."
http://enterprisesecurity.symantec.com/article.cfm?articleid=659

Get the latest enterprise security news delivered straight to your inbox.
Register for Symantec's free Enterprise Security newsletters.
https://enterprisesecurity.symantec.com/Content/Subscribe.cfm
--------------------------------------------------------------------------
W32.Magistr.24876@mm    Severe [4]    Win32
--------------------------------------------------------------------------
W32.Magistr.24876@mm is a polymorphically encrypted, entry point-obscuring,
anti-heuristic, anti-debugging, memory resident, parasitic infector of
Portable Executable .EXE and .SCR files, with replication across the local
area network, mass-mailing capabilities using its own SMTP engine, some
highly destructive payloads, an interesting visual effect... and a number
of bugs.

As an anti-heuristic device, files infected with W32/Magistr do not have
their entry point altered. Instead, the virus will save the first 512
bytes of code, and replace them with polymorphic garbage which includes
subroutines, jumps, and some Structured Exception Handling tricks to
interfere with debuggers and code emulators.

The virus will search for .DOC and .TXT files and take words from one of
these files for the mail subject and body. It will address the mail to up
to 100 recipients whose names are taken from the Windows Address Books
(*.WAB), Outlook Message stores (*.DBX, *.MBX), and the Netscape Messenger
mail files, and attach an infected .EXE or .SCR.

The virus will occasionally copy an infected file into the Windows
directory and add a "run=" line to WIN.INI or alter the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run key in the
registry to point to the infected file.

The virus will search local hard drives and shared network directories and
infect .EXE and .SCR files. If the Windows directory is located, then a
"run=" line will be added to WIN.INI. It is similar to the replication
mechanism of the W32/Cholera worm or the W32/Funlove virus.

After one month, the first payload might activate. This payload appears to
have been adapted from W32/Kriz or W95/CIH. Under Windows 9x and Windows Me,
it will erase the contents of the CMOS memory and flash BIOS, and overwrite
a single sector on the first hard disk. Under all platforms, it will delete
one in every twenty-five files on every local hard drive and shared network
directory, and overwrite every other file with some text.

After two months, the second payload will activate which will reposition
the desktop icons whenever the mouse pointer approaches, giving the
impression that the icons are "running away" from the mouse.

[Editor's Note: The complete article includes a detailed technical
description of this virus and will be published in the May Edition of
Virus Bulletin, and the SARC web site at http://www.sarc.com/, a short
description and removal instructions are also on the site,
http://www.sarc.com/avcenter/venc/data/w32.magistr.24876@mm.html]
by Peter Ferrie
SARC, APAC
--------------------------------------------------------------------------
Proactive Detection of Script based viruses and worms
--------------------------------------------------------------------------
Virus writers increasingly use scripting technologies such as JavaScript
and VBScript to infect computer systems. Script Blocking technology in
Norton AntiVirus 2001 v 7.07 monitors scripts and alerts users of
virus-like malicious behavior, stopping these viruses before they can
infect a system. Some of the most famous and prevalent viruses are script
based. For example, VBS.LoveLetterA, VBS.SST@mm, and VBS.BubbleBoy.

Script Blocking is a proactive technology that detects script based
viruses and worms without the need for signatures. Customers will now have
protection against certain types of viruses even before virus definitions
have been made available. This technology runs in the background and works
in real-time. It is able to detect and stop malicious behavior by
monitoring objects used by the Windows Scripting Host. It also prevents
Outlook from being remotely controlled. This closes the vulnerability
Microsoft's Visual Basic Script (VBS) and Java Script (JScript) have
opened.

By default none of these objects may be used via a script. This prevents
worms like LoveLetter from mass mailing themselves. The specific Outlook
behavior that is forbidden is the enumeration of the address book coupled
with sending mail. A script or application may do either, but not both.
NAV 2001 v7 can be configured to exclude such non-malicious activity by
adding these scripts to an exclusion list or using a machine specific
authorisation code.
by Mark Kennedy
SARC, USA.
--------------------------------------------------------------------------
Top Reported Viruses, Trojans and Worms
Following is a list of the top reported viruses to SARC's regional offices.
- Asia Pacific
W95.MTX
W95.Hybris
Wscript.KakWorm
W32.HLLW.Bymer
W32.FunLove.4099
W32.Navidad
W32.HLLW.Qaz
W32.Magistr.24876@mm
VBS.LoveLetter
VBS.Network
- Europe
W95.Hybris
W95.MTX
Wscript.KakWorm
W32.HLLW.Bymer
VBS.LoveLetter
VBS.Tam.A
W32.Navidad
W97.Satt.A
Happy99.Worm
W32.Magistr.24876@mm
- Japan
W95.Hybris
W95.MTX
W32.HLLW.Bymer
W32.HLLW.Qaz.A
Happy99.Worm
W32.Magistr.24876@mm
VBS.LoveLetter
VBS.Network
Wscript.KakWorm
W32.Navidad
- USA
W95.Hybris
Wscript.KakWorm
W95.MTX
W32.HLLW.Bymer
VBS.LoveLetter
VBS.SST@mm
VBS.Sorry
HLLP.Krile.4768
VBS.Stages.A
W32.Navidad
--------------------------------------------------------------------------
New Virus Hoaxes reported to Symantec
http://www.sarc.com/avcenter/hoax.html
Foot N Mouth Virus Warning
--------------------------------------------------------------------------
No New Joke Programs reported to Symantec this month.
http://www.sarc.com/avcenter/jokes.html
--------------------------------------------------------------------------
Top 20 Consolidated Global Threats - by SecurityPortal
http://securityportal.com/research/virus/virustop20.html
W32.Hybris
W32.Magistr@mm
W95.MTX
W32.Navidad
VBS.LoveLetter
W97M.Marker
VBS.KakWorm
W32.Funlove
W97M.Ethan
VBS.SST@mm
W32.HLLW.Bymer
W95.CIH
PWSteal.Trojan
W32.Prolin
W32.Naked@mm (Troj_Nakedwife)
W97M.Thus.A
W95.Spaces
W97.Class
W32.Kriz
Happy99.Worm (alias W32.Ska)
--------------------------------------------------------------------------
SARC now has Removal Tools for the following threats available on the web
site at:
http://www.sarc.com/avcenter/tools.list.html
W32.HybrisF
W32.Kriz
W32.Navidad
W32.HLLW.QAZ.A
W95.MTX
W32.FunLove.4099
Wscript.Kakworm
Wscript.Kakworm.B
Happy99.Worm
VBS.Loveletter
PrettyPark.Worm
VBS.Stages.A
W2K.Stream
AOL.Trojan.32512
W95.CIH
Worm.ExploreZip
--------------------------------------------------------------------------
SARC Glossary for definitions of viruses, Trojans and worms and more.
http://www.sarc.com/avcenter/refa.html
--------------------------------------------------------------------------
Contacts
--------------------------------------------------------------------------
Correspondence by email to: sarc at symantec.com no unsubscribe or support
emails please.
Send virus samples to: avsubmit at symantec.com
Newsletter Archive: http://www.symantec.com/avcenter/sarcnewsletters.html
--------------------------------------------------------------------------
Subscribe and Unsubscribe
--------------------------------------------------------------------------
To be added or removed from the subscription mailing list, please fill out
the form available on the SARC website at:
http://www.symantec.com/help/subscribe.html
SARC AntiVirus News Update is published periodically by Symantec
Corporation. No reprint without permission in writing, in advance.
--------------------------------------------------------------------------
Copyright © 1996-2001 Symantec Corporation. All rights reserved.
--------------------------------------------------------------------------
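
The Script Blocking article in the newsletter above describes a behaviour rule: a script may enumerate the Outlook address book or send mail, but not both, unless it is on an exclusion list. The following is an added example, not part of the newsletter or of Norton AntiVirus; the event names, the sample paths and the choice to deny everything from a script once the rule has fired are assumptions made for illustration.

```python
"""Behaviour rule modelled on the newsletter's Script Blocking description.

Added illustration, not Norton AntiVirus code. Event names, sample paths and
the "stop the script after a violation" choice are assumptions of this sketch.
"""
from dataclasses import dataclass, field

ENUMERATE = "addressbook.enumerate"   # hypothetical event name
SEND = "mail.send"                    # hypothetical event name
SENSITIVE = {ENUMERATE, SEND}


@dataclass
class ScriptState:
    seen: set = field(default_factory=set)  # sensitive actions observed so far
    stopped: bool = False                    # True once the rule has fired


class ScriptBlockingMonitor:
    """Tracks sensitive actions per script and blocks the forbidden pair."""

    def __init__(self, exclusions=()):
        self.exclusions = {self._key(p) for p in exclusions}
        self.states = {}

    @staticmethod
    def _key(path):
        # Windows paths are case-insensitive; normalise so a worm cannot
        # dodge per-script tracking by changing case or slash direction.
        return path.replace("/", "\\").lower()

    def observe(self, script, action):
        """Return 'allow' or 'block' for one action attempted by one script."""
        key = self._key(script)
        if key in self.exclusions:
            return "allow"            # administrator-approved script
        state = self.states.setdefault(key, ScriptState())
        if state.stopped:
            return "block"            # assumption: a flagged script stays stopped
        if action in SENSITIVE:
            # Either sensitive action alone is fine; the second distinct one
            # completes the mass-mailer pattern and is refused.
            if (SENSITIVE - {action}) & state.seen:
                state.stopped = True
                return "block"
            state.seen.add(action)
        return "allow"

    def flagged(self):
        """Normalised paths of scripts that tripped the rule."""
        return {k for k, s in self.states.items() if s.stopped}


def evaluate(events, exclusions=()):
    """Run (script, action) events through a fresh monitor."""
    monitor = ScriptBlockingMonitor(exclusions)
    verdicts = [monitor.observe(script, action) for script, action in events]
    return verdicts, monitor.flagged()


# Constructed sample events (not captured from a real system).
SAMPLE_EVENTS = [
    (r"C:\temp\attachment.vbs", ENUMERATE),    # first sensitive action
    (r"C:\scripts\report.vbs", SEND),          # sends mail only
    (r"C:\temp\attachment.vbs", SEND),         # enumerate + send: refused
    (r"C:\Scripts\MailMerge.vbs", ENUMERATE),  # legitimate mail merge
    (r"c:\scripts\mailmerge.vbs", SEND),       # same script, different case
    (r"C:\temp\attachment.vbs", "file.write"), # already stopped
    (r"C:\scripts\backup.js", ENUMERATE),      # enumerates only
]

if __name__ == "__main__":
    verdicts, flagged = evaluate(
        SAMPLE_EVENTS, exclusions=[r"C:\Scripts\mailmerge.vbs"])
    for (script, action), verdict in zip(SAMPLE_EVENTS, verdicts):
        print(f"{verdict:5}  {action:22} {script}")
    print("flagged:", sorted(flagged))
```

Without the exclusion entry the mail-merge script is refused at its send step, which is the false positive the exclusion list in the article exists to handle.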
--68153787
Content-Type: text/html
Content-Transfer-Encoding: Quoted-Printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
=09<META HTTP-EQUIV=3D"Content-Type"=
CONTENT=3D"text/html;CHARSET=3Diso-8859-1">
=09<TITLE>SARC AntiVirus Newsletter</TITLE>
=09<STYLE TYPE=3D"text/css">
=09<!--
=09.news=09 {
=09=09=09Font-Family : Arial, Helvetica ;
=09=09=09Color : #000066 ;
=09=09=09Text-Decoration : None
=09=09}
=09-->
=09</STYLE>
</HEAD>
<BODY BACKGROUND=3D"../../images/draft.jpg">
<FORM=
ACTION=3D"http://www.symantec.com/avcenter/cgi-bin/newsletter.cgi"=
METHOD=3D"POST" ENCTYPE=3D"application/x-www-form-urlencoded">
<CENTER>
<P>
<TABLE BORDER=3D"0" CELLPADDING=3D"0" CELLSPACING=3D"0" WIDTH=3D"94%"=
HEIGHT=3D"2933">
=09<TR>
=09=09<TD VALIGN=3D"MIDDLE" ROWSPAN=3D"2" COLSPAN=3D"2" BGCOLOR=3D"black">
=09=09=09<P ALIGN=3D"CENTER">
=09=09</TD>
=09=09<TD VALIGN=3D"MIDDLE" ROWSPAN=3D"2" BGCOLOR=3D"black">
=09=09=09<P ALIGN=3D"CENTER"><A HREF=3D"http://www.symantec.com/"=
target=3D"_blank"><SPAN STYLE=3D"Text-Decoration : None"><FONT
=09=09=09SIZE=3D"5" COLOR=3D"white" FACE=3D"Times New=
Roman">symantec</FONT></SPAN></A><B><SPAN STYLE=3D"Font-Size :=
6pt"><FONT
=09=09=09COLOR=3D"white" FACE=3D"Arial Narrow">TM</FONT></SPAN></B>
=09=09</TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09=09<TD VALIGN=3D"MIDDLE" ROWSPAN=3D"2" COLSPAN=3D"2" BGCOLOR=3D"black">
=09=09=09<TABLE BORDER=3D"0" CELLPADDING=3D"0" CELLSPACING=3D"0"=
WIDTH=3D"100%">
=09=09=09=09<TR>
=09=09=09=09=09<TD WIDTH=3D"65%"><FONT SIZE=3D"4" COLOR=3D"white" FACE=3D"Arial,=
Helvetica"> Symantec AntiVirus Research Centre</FONT></TD>
=09=09=09=09=09<TD WIDTH=3D"18%"> </TD>
=09=09=09=09=09<TD WIDTH=3D"17%" VALIGN=3D"MIDDLE">
=09=09=09=09=09=09<P ALIGN=3D"CENTER"><SUP><SPAN STYLE=3D"Font-Size : 9pt"><FONT=
COLOR=3D"white">ISSN 1444-9994</FONT></SPAN></SUP>
=09=09=09=09=09</TD>
=09=09=09=09</TR>
=09=09=09</TABLE>
=09=09</TD>
=09=09<TD WIDTH=3D"4" VALIGN=3D"TOP" ROWSPAN=3D"2"=
BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"2" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"2" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" BGCOLOR=3D"black"> </TD>
=09=09<TD VALIGN=3D"TOP" COLSPAN=3D"3" BGCOLOR=3D"#FFCC00">
=09=09=09<P ALIGN=3D"CENTER"><B><A HREF=3D"http://www.sarc.com/"><SPAN=
STYLE=3D"Text-Decoration : None"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica"><BR>
=09=09=09SARC Home Page</FONT></SPAN></A></B>
=09=09</TD>
=09=09<TD VALIGN=3D"MIDDLE" COLSPAN=3D"3" BGCOLOR=3D"#70BC1F">
=09=09=09<P ALIGN=3D"CENTER"><B><FONT COLOR=3D"black" FACE=3D"Arial,=
Helvetica">April 2001 Newsletter</FONT></B>
=09=09</TD>
=09=09<TD WIDTH=3D"2%" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"212" VALIGN=3D"TOP"=
BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"212" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD VALIGN=3D"TOP" ROWSPAN=3D"16" BGCOLOR=3D"#FFCC00">
=09=09=09<P ALIGN=3D"CENTER"><BR>
=09=09=09<FONT SIZE=3D"2" FACE=3D"Arial, Helvetica">These are the most=
reported Viruses, Trojans and Worms to SARC's offices
=09=09=09during the last month.</FONT></P>
=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">Top Global Threats<BR>
=09=09=09</FONT></B><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.=
html"><SPAN CLASS=3D"news"><FONT SIZE=3D"2"
=09=09=09FACE=3D"Arial, Helvetica">W95.Hybris</FONT></SPAN></A><SPAN=
CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.mtx.html"><=
SPAN CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W95.MTX</FONT></SPAN></A><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/wscript.kakworm=
.html"><SPAN CLASS=3D"news"><FONT SIZE=3D"2"
=09=09=09FACE=3D"Arial, Helvetica">Wscript.KakWorm<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.hllw.bymer.=
html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">W32.HLLW.Bymer<BR>
=09=09=09</FONT></SPAN></A></SPAN><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.sst@mm.html=
"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">VBS.SST at mm<BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.loveletter.=
a.html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">VBS.LoveLetter<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.navidad.168=
96.html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.Navidad</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.loveletter.=
a.html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><FONT SIZE=3D"2"=
FACE=3D"Arial, Helvetica">Happy99.Worm<BR>
=09=09=09</FONT><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/w32.magistr.24876@m=
m.html"><SPAN CLASS=3D"news"><FONT SIZE=3D"2"
=09=09=09FACE=3D"Arial,=
Helvetica">W32.Magistr.24876 at mm</FONT></SPAN></A><FONT SIZE=3D"2"=
FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.vbswg.gen.h=
tml"><SPAN CLASS=3D"news"><FONT SIZE=3D"2"
=09=09=09FACE=3D"Arial,=
Helvetica">VBS.Vbswg.gen</FONT></SPAN></A></SPAN></SPAN></SPAN><=
/P>
=09=09=09<P ALIGN=3D"CENTER"><SPAN CLASS=3D"news"><B><SPAN=
STYLE=3D"Text-Decoration : None"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">Asia
=09=09=09Pacific<BR>
=09=09=09</FONT></SPAN></B><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.mtx.html"><=
SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W95.MTX</FONT></SPAN></A></SPAN><B><SPAN=
STYLE=3D"Text-Decoration : None"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN></B><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.=
html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">W95.Hybris<BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/wscript.kakworm=
.html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">Wscript.KakWorm<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.hllw.bymer.=
html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.HLLW.Bymer</FONT></SPAN></A></SPAN></SPAN><A=
HREF=3D"http://www.sarc.com/avcenter/cgi-bin/virauto.cgi?vid=3D10797=
"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09W32.FunLove.4099<BR>
=09=09=09</FONT></A><SPAN CLASS=3D"news"><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.navidad.168=
96.html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.Navidad</FONT></SPAN></A></SPAN></SPAN><SPAN=
STYLE=3D"Text-Decoration : None"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN><SPAN CLASS=3D"news"><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.hllw.qaz.a.=
html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.HLLW.Qaz</FONT></SPAN></A></SPAN></SPAN><SPAN=
STYLE=3D"Text-Decoration : None"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN><SPAN CLASS=3D"news"><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/w32.magistr.24876@m=
m.html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.Magistr.24876 at mm<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.loveletter.=
a.html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">VBS.LoveLetter<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.network.htm=
l"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">VBS.Network<BR>
=09=09=09</FONT></SPAN></A></SPAN></SPAN><SPAN STYLE=3D"Text-Decoration :=
None"><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN><B><SPAN STYLE=3D"Text-Decoration : None"><FONT=
SIZE=3D"2" FACE=3D"Arial, Helvetica">Europe</FONT></SPAN></B><SPAN
=09=09=09STYLE=3D"Text-Decoration : None"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica"><BR>
=09=09=09</FONT></SPAN><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.=
html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">W95.Hybris<BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.mtx.html"><=
SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">W95.MTX<BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/wscript.kakworm=
.html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">Wscript.KakWorm<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.hllw.bymer.=
html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">W32.HLLW.Bymer<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.loveletter.=
a.html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">VBS.LoveLetter<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.tam.a.html"=
><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial,=
Helvetica">VBS.Tam.A</FONT></SPAN></A></SPAN><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.mtx.html"><=
SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.navidad.168=
96.html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.Navidad<BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><FONT SIZE=3D"2"=
FACE=3D"Arial, Helvetica">W97.Satt.A</FONT></SPAN></SPAN><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.mtx.html"><=
SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/happy99.worm.ht=
ml"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">Happy99.Worm</FONT></SPAN></A></SPAN><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.mtx.html"><=
SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/w32.magistr.24876@m=
m.html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.Magistr.24876 at mm</FONT></SPAN></A></SPAN></SPAN><=
SPAN STYLE=3D"Text-Decoration : None"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09<BR>
=09=09=09</FONT></SPAN><B><SPAN STYLE=3D"Text-Decoration : None"><FONT=
SIZE=3D"2" FACE=3D"Arial, Helvetica">Japan<BR>
=09=09=09</FONT></SPAN></B><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.=
html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">W95.Hybris<BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.mtx.html"><=
SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">W95.MTX<BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.hllw.bymer.=
html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.HLLW.Bymer</FONT></SPAN></A></SPAN><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.mtx.html"><=
SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.hllw.qaz.a.=
html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.HLLW.Qaz.A<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/happy99.worm.ht=
ml"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">Happy99.Worm<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/w32.magistr.24876@m=
m.html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">W32.Magistr.24876@mm<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.loveletter.=
a.html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">VBS.LoveLetter<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.network.htm=
l"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">VBS.Network<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/wscript.kakworm=
.html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">Wscript.KakWorm<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.navidad.168=
96.html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.Navidad</FONT></SPAN></A></SPAN></SPAN></SPAN></P=
>
=09=09=09<P ALIGN=3D"CENTER"><SPAN CLASS=3D"news"><B><SPAN=
STYLE=3D"Text-Decoration : None"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">USA<BR>
=09=09=09</FONT></SPAN></B><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.=
html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W95.Hybris</FONT></SPAN></A><B><SPAN=
STYLE=3D"Text-Decoration : None"><FONT SIZE=3D"2"
=09=09=09FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN></B><SPAN CLASS=3D"news"><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/wscript.kakworm=
.html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">Wscript.KakWorm<BR>
=09=09=09</FONT></SPAN></A></SPAN><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w95.mtx.html"><=
SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">W95.MTX<BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.hllw.bymer.=
html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.HLLW.Bymer<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.loveletter.=
a.html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial,=
Helvetica">VBS.LoveLetter</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/wscript.kakworm=
.html"><SPAN
=09=09=09CLASS=3D"news"><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN></A></SPAN><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.sst@mm.html=
"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">VBS.SST@mm<BR>
=09=09=09</FONT></SPAN></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/vbs.sorry.c.htm=
l"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">VBS.Sorry<BR>
=09=09=09</FONT></SPAN></A><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.sarc.com/avcenter/cgi-bin/virauto.cgi?vid=3D29510=
"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">HLLP.Krile.4768<BR>
=09=09=09VBS.Stages.A<BR>
=09=09=09</FONT></A><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/w32.navidad.168=
96.html"><SPAN CLASS=3D"news"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.Navidad</FONT></SPAN></A></SPAN></SPAN></SPAN></P=
>
=09=09=09<CENTER>
=09=09=09<P>
<HR ALIGN=3D"CENTER">
</P>
</CENTER>
=09=09=09<P>
=09=09=09<CENTER>
=09=09=09<P>
=09=09=09<TABLE BORDER=3D"0" CELLSPACING=3D"1" WIDTH=3D"94%" HEIGHT=3D"456">
=09=09=09=09<TR>
=09=09=09=09=09<TD WIDTH=3D"100%" VALIGN=3D"TOP" BGCOLOR=3D"#660099">
=09=09=09=09=09=09<CENTER>
=09=09=09=09=09=09<P>
=09=09=09=09=09=09<TABLE BORDER=3D"0" CELLSPACING=3D"0" WIDTH=3D"100%"=
HEIGHT=3D"80%">
=09=09=09=09=09=09=09<TR>
=09=09=09=09=09=09=09=09<TD WIDTH=3D"100%" HEIGHT=3D"16" VALIGN=3D"MIDDLE"=
BGCOLOR=3D"black">
=09=09=09=09=09=09=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" COLOR=3D"#FFFF66"=
FACE=3D"Arial, Helvetica">Top 20 <BR>
=09=09=09=09=09=09=09=09=09Consolidated <BR>
=09=09=09=09=09=09=09=09=09Global Threats</FONT></B>
=09=09=09=09=09=09=09=09</TD>
=09=09=09=09=09=09=09</TR>
=09=09=09=09=09=09=09<TR>
=09=09=09=09=09=09=09=09<TD WIDTH=3D"100%">
=09=09=09=09=09=09=09=09=09<P ALIGN=3D"CENTER"><A=
HREF=3D"http://securityportal.com/research/virus/virustop20.html"=
target=3D"_blank"><B><SPAN STYLE=3D"Text-Decoration : None"><FONT
=09=09=09=09=09=09=09=09=09SIZE=3D"2" COLOR=3D"#FFFBF0" FACE=3D"Arial, Helvetica">By=
</FONT></SPAN><FONT SIZE=3D"2" COLOR=3D"#FFFBF0" FACE=3D"Arial,=
Helvetica">SecurityPortal</FONT></B></A>
=09=09=09=09=09=09=09=09</TD>
=09=09=09=09=09=09=09</TR>
=09=09=09=09=09=09=09<TR BGCOLOR=3D"#FFCC00">
=09=09=09=09=09=09=09=09<TD WIDTH=3D"100%" HEIGHT=3D"366" VALIGN=3D"TOP" NOWRAP>
=09=09=09=09=09=09=09=09=09<P ALIGN=3D"CENTER"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.Hybris<BR>
=09=09=09=09=09=09=09=09=09W32.Magistr@mm<BR>
=09=09=09=09=09=09=09=09=09W95.MTX<BR>
=09=09=09=09=09=09=09=09=09W32.Navidad<BR>
=09=09=09=09=09=09=09=09=09VBS.LoveLetter<BR>
=09=09=09=09=09=09=09=09=09W97M.Marker<BR>
=09=09=09=09=09=09=09=09=09VBS.KakWorm<BR>
=09=09=09=09=09=09=09=09=09W32.Funlove<BR>
=09=09=09=09=09=09=09=09=09W97M.Ethan<BR>
=09=09=09=09=09=09=09=09=09VBS.SST@mm<BR>
=09=09=09=09=09=09=09=09=09W32.HLLW.Bymer<BR>
=09=09=09=09=09=09=09=09=09W95.CIH<BR>
=09=09=09=09=09=09=09=09=09PWSteal.Trojan<BR>
=09=09=09=09=09=09=09=09=09W32.Prolin<BR>
=09=09=09=09=09=09=09=09=09W32.Naked@mm<BR>
=09=09=09=09=09=09=09=09=09</FONT><FONT SIZE=3D"1" COLOR=3D"#CC66FF" FACE=3D"Arial,=
Helvetica">(Troj_Nakedwife)</FONT><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica"><BR>
=09=09=09=09=09=09=09=09=09W97M.Thus.A<BR>
=09=09=09=09=09=09=09=09=09W95.Spaces<BR>
=09=09=09=09=09=09=09=09=09W97.Class<BR>
=09=09=09=09=09=09=09=09=09W32.Kriz<BR>
=09=09=09=09=09=09=09=09=09Happy99.Worm<BR>
=09=09=09=09=09=09=09=09=09</FONT><FONT SIZE=3D"1" COLOR=3D"#CC66FF" FACE=3D"Arial,=
Helvetica">(alias W32.Ska)</FONT>
=09=09=09=09=09=09=09=09</TD>
=09=09=09=09=09=09=09</TR>
=09=09=09=09=09=09</TABLE>
</CENTER>
=09=09=09=09=09</TD>
=09=09=09=09</TR>
=09=09=09</TABLE>
<SPAN CLASS=3D"news"><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/wscript.kakworm.htm=
l"><SPAN STYLE=3D"Text-Decoration : None"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</A></FONT></SPAN></A></SPAN><SPAN STYLE=3D"Text-Decoration :=
None"><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica">
<HR ALIGN=3D"CENTER">
</FONT></SPAN><SPAN CLASS=3D"news"><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/wscript.kakworm.htm=
l"><SPAN STYLE=3D"Text-Decoration : None"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN></A><B><A=
HREF=3D"http://www.sarc.com/avcenter/tools.list.html"><FONT=
SIZE=3D"2" FACE=3D"Arial, Helvetica">Removal
=09=09=09Tools</FONT></A><FONT SIZE=3D"2" COLOR=3D"black" FACE=3D"Arial,=
Helvetica"> for...<BR>
=09=09=09</FONT></B><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/wscript.kakworm.htm=
l"><SPAN STYLE=3D"Text-Decoration : None"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09</FONT></SPAN></A><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">W32.HybrisF<BR>
=09=09=09W32.Kriz<BR>
=09=09=09W32.Navidad<BR>
=09=09=09W32.HLLW.QAZ.A<BR>
=09=09=09W95.MTX<BR>
=09=09=09W32.FunLove.4099<BR>
=09=09=09Wscript.Kakworm<BR>
=09=09=09Wscript.Kakworm.B<BR>
=09=09=09Happy99.Worm<BR>
=09=09=09VBS.Loveletter<BR>
=09=09=09PrettyPark.Worm<BR>
=09=09=09VBS.Stages.A<BR>
=09=09=09W2K.Stream<BR>
=09=09=09AOL.Trojan.32512<BR>
=09=09=09W95.CIH<BR>
=09=09=09Worm.ExploreZip</FONT></SPAN></P>
=09=09=09<P>
<HR ALIGN=3D"CENTER">
<SPAN CLASS=3D"news"><A=
HREF=3D"http://www.sarc.com/avcenter/hoax.html"><B><FONT SIZE=3D"2"=
FACE=3D"Arial, Helvetica"><BR>
=09=09=09New Virus Hoaxes</FONT></B></A><B><SPAN STYLE=3D"Text-Decoration=
: None"><FONT SIZE=3D"2" COLOR=3D"black" FACE=3D"Arial, Helvetica">
=09=09=09<BR>
=09=09=09reported to Symantec</FONT></SPAN></B></SPAN></P>
=09=09=09<P><SPAN CLASS=3D"news"><B><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/foot.n.mouth.virus.=
warning.html"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">Foot N Mouth Virus=
Warning</FONT></A><SPAN STYLE=3D"Text-Decoration : None"><FONT
=09=09=09SIZE=3D"2" COLOR=3D"black" FACE=3D"Arial, Helvetica"><BR>
=09=09=09 <BR>
=09=09=09</FONT></SPAN></B><A=
HREF=3D"http://www.symantec.com/avcenter/venc/data/the.new.ice.age=
.hoax.html"><FONT SIZE=3D"2"
=09=09=09FACE=3D"Arial, Helvetica"></FONT></A></SPAN></P>
=09=09=09<P>
<HR ALIGN=3D"CENTER">
<SPAN CLASS=3D"news"><SPAN STYLE=3D"Text-Decoration : None"><FONT=
SIZE=3D"2" FACE=3D"Arial, Helvetica"> </FONT></SPAN><B><SPAN
=09=09=09STYLE=3D"Text-Decoration : None"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica"><BR>
=09=09=09</FONT></SPAN><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica">No New=
</FONT><A HREF=3D"http://www.sarc.com/avcenter/jokes.html"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">Joke Programs=
</FONT></A><SPAN STYLE=3D"Text-Decoration : None"><FONT SIZE=3D"2"=
FACE=3D"Arial, Helvetica"><BR>
=09=09=09reported to Symantec this month</FONT></SPAN></B><SPAN=
STYLE=3D"Text-Decoration : None"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica"><BR>
=09=09=09</FONT></SPAN></SPAN><SPAN STYLE=3D"Text-Decoration :=
None"><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica">
<HR ALIGN=3D"CENTER">
</FONT></SPAN>
</CENTER>
=09=09</TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"212" BGCOLOR=3D"#FFCC00">
=09=09=09<P ALIGN=3D"RIGHT">
=09=09</TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"212" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"212" VALIGN=3D"TOP" BORDER=3D"0"><FONT=
SIZE=3D"2" FACE=3D"Arial, Helvetica">Those of you that follow the=
threats listed in the sidebar would have noticed
=09=09=09that there's been a fairly big shake up over the last month.=
W32.Magistr.24876@mm moved up to level 4 (Severe)
=09=09=09because we have seen a sharp rise in the number of reported=
incidents of this worm and virus hybrid. FunLove has
=09=09=09returned to the Asia Pacific top ten and others have either=
dropped out of the listings or appeared for the first
=09=09=09time.<BR>
=09=09=09<BR>
=09=09=09We usually get increased levels of virus and worm activity=
around Easter time and I expect this year to be no different,
=09=09=09let's just hope that we don't see another Melissa or=
LoveLetter level incident. VBS worms are very common and still
=09=09=09pose a major threat to many organisations and individuals=
alike. Symantec recently released a script blocking feature
=09=09=09in our consumer product NAV 2001 v7 and I asked the lead=
developer Mark Kennedy to write a short </FONT><A=
HREF=3D"#scripting"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica">article</FONT></A><FONT=
SIZE=3D"2" FACE=3D"Arial, Helvetica"> on this for us.<BR>
=09=09=09<BR>
=09=09=09</FONT><SPAN STYLE=3D"Text-Decoration : None"><FONT SIZE=3D"2"=
FACE=3D"Arial, Helvetica">David Banes.<BR>
=09=09=09Editor, </FONT></SPAN><A HREF=3D"mailto:sarc at symantec.com"><SPAN=
STYLE=3D"Text-Decoration : None"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">sarc at symantec.com</FONT></SPAN></A></TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"212" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"212" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"20" BGCOLOR=3D"#FFFFCC"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"20" VALIGN=3D"TOP"=
BGCOLOR=3D"#FFFFCC"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFFFCC"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD HEIGHT=3D"20" COLSPAN=3D"2" BGCOLOR=3D"#FFCC00"><B><FONT SIZE=3D"2"=
COLOR=3D"black" FACE=3D"Arial, Helvetica">Worms</FONT></B></TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"192" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"192" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"192" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"192" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"192" VALIGN=3D"TOP" BGCOLOR=3D"white">
=09=09=09<TABLE BORDER=3D"0" CELLPADDING=3D"0" CELLSPACING=3D"0"=
WIDTH=3D"100%">
<tbody>
=09=09=09=09=09=09=09<TR>
=09=09=09=09=09<TD WIDTH=3D"67%" BGCOLOR=3D"#353DB3"><B><FONT SIZE=3D"2"=
COLOR=3D"white" FACE=3D"Arial,=
Helvetica">VBS.Pleh.A@mm</FONT></B></TD>
=09=09=09=09=09<TD WIDTH=3D"21%" BGCOLOR=3D"#FF6600">
=09=09=09=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" COLOR=3D"white"=
FACE=3D"Arial, Helvetica">Medium [3]</FONT></B>
=09=09=09=09=09</TD>
=09=09=09=09=09<TD WIDTH=3D"12%" BGCOLOR=3D"#70BC1F">
=09=09=09=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">Script</FONT></B>
=09=09=09=09=09</TD>
=09=09=09=09</TR>
</tbody>
=09=09=09</TABLE>
<FONT SIZE=3D"2" FACE=3D"Arial, Helvetica">VBS.Pleh.A@mm sends itself=
to email addresses in the Microsoft Outlook address
=09=09=09book. It overwrites files on local and remote drives,=
including files with the extensions .mp3, .pwd, .exe, .mp2,
=09=09=09.doc, .avi, .mpeg, or .htm. The contents of these files are=
replaced with the source code of the worm, destroying
=09=09=09the original contents. <BR>
=09=09=09<BR>
=09=09=09Removing this worm is complicated; please visit the web page=
linked to below for detailed instructions.<BR>
=09=09=09<BR>
=09=09=09</FONT><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/vbs.pleh.a@mm.html"=
><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">http://www.sarc.com/avcenter/venc/data/vbs.pleh.a@mm.=
html</FONT></A><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09by: Douglas Knowles <BR>
=09=09=09SARC, USA<BR>
=09=09=09<BR>
=09=09=09
=09=09=09<TABLE BORDER=3D"0" CELLPADDING=3D"0" CELLSPACING=3D"0"=
WIDTH=3D"100%">
<tbody>
=09=09=09=09=09=09=09<TR>
=09=09=09=09=09<TD WIDTH=3D"67%" BGCOLOR=3D"#353DB3"><B><FONT SIZE=3D"2"=
COLOR=3D"white" FACE=3D"Arial,=
Helvetica">VBS.Futonik.A@mm</FONT></B></TD>
=09=09=09=09=09<TD WIDTH=3D"21%" BGCOLOR=3D"#FF6600">
=09=09=09=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" COLOR=3D"white"=
FACE=3D"Arial, Helvetica">Low [2]</FONT></B>
=09=09=09=09=09</TD>
=09=09=09=09=09<TD WIDTH=3D"12%" BGCOLOR=3D"#70BC1F">
=09=09=09=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">Script</FONT></B>
=09=09=09=09=09</TD>
=09=09=09=09</TR>
</tbody>
=09=09=09</TABLE>
VBS.Futonik.A@mm sends itself to email addresses in the Microsoft=
Outlook address book. It overwrites files on
=09=09=09local and remote drives, including files with the extensions=
.vbs, .vbe, .js, .txt, .bmp, .htm, .html, .gif, .jpg,
=09=09=09and .htt. The contents of most of these files are replaced=
with the source code of the worm, destroying the original
=09=09=09contents. <BR>
=09=09=09<BR>
=09=09=09NOTE: Due to a bug in the virus code, in some cases files with=
the extensions .hta, .htt, .htm, .html, or .asp
=09=09=09will be infected by the worm, instead of being overwritten. If=
this happens, the viral code will execute prior
=09=09=09to executing the original file.<BR>
=09=09=09<BR>
=09=09=09VBS.Futonik.A@mm also infects the Microsoft Word global=
template, Normal.dot.<BR>
=09=09=09<BR>
=09=09=09</FONT><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/vbs.futonik.a@mm.ht=
ml"><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">http://www.sarc.com/avcenter/venc/data/vbs.futonik.a@=
mm.html<BR>
=09=09=09</FONT></A><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica">by: Douglas=
Knowles <BR>
=09=09=09SARC, USA</FONT></TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"192" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"192" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"><FONT SIZE=3D"2"=
FACE=3D"Arial, Helvetica"> </FONT></TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"20" VALIGN=3D"TOP"=
BGCOLOR=3D"#FFCC00"><B><FONT SIZE=3D"2" COLOR=3D"black" FACE=3D"Arial,=
Helvetica">Viruses</FONT></B></TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"180" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"180" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"180" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"180"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"180" VALIGN=3D"TOP" BGCOLOR=3D"white">
=09=09=09<TABLE BORDER=3D"0" CELLPADDING=3D"0" CELLSPACING=3D"0"=
WIDTH=3D"100%">
<tbody>
=09=09=09=09=09=09=09<TR>
=09=09=09=09=09<TD WIDTH=3D"69%" BGCOLOR=3D"#353DB3"><B><FONT SIZE=3D"2"=
COLOR=3D"white" FACE=3D"Arial, Helvetica">BW.770.B</FONT></B></TD>
=09=09=09=09=09<TD WIDTH=3D"19%" BGCOLOR=3D"#FF6600">
=09=09=09=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" COLOR=3D"white"=
FACE=3D"Arial, Helvetica">Minimal [1]</FONT></B>
=09=09=09=09=09</TD>
=09=09=09=09=09<TD WIDTH=3D"12%" BGCOLOR=3D"#70BC1F">
=09=09=09=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">DOS</FONT></B>
=09=09=09=09=09</TD>
=09=09=09=09</TR>
</tbody>
=09=09=09</TABLE>
<FONT SIZE=3D"2" FACE=3D"Arial, Helvetica">BW.770.B is a virus that=
infects DOS .exe and .com files. It is 770 bytes
=09=09=09in size, and it appears to have been created with the=
"Biological Warfare" virus creation kit. The virus
=09=09=09appears to have been modified manually after being created=
with the kit. BW.770.B can be inserted on your system
=09=09=09by the "futs" hackers tool. <BR>
=09=09=09<BR>
=09=09=09NOTE: This virus was previously detected as=
Bloodhound.Filestring. All viruses that can be created with the=
Biological
=09=09=09Warfare virus creation kit will be detected by Norton=
AntiVirus.<BR>
=09=09=09<BR>
=09=09=09</FONT><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/bw.770.b.html"><FON=
T SIZE=3D"2" FACE=3D"Arial,=
Helvetica">http://www.sarc.com/avcenter/venc/data/bw.770.b.html<=
/FONT></A><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09by: Neal Hindocha<BR>
=09=09=09SARC, EMEA</FONT></TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"180"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"180" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"><B><FONT SIZE=3D"2"=
COLOR=3D"black" FACE=3D"Arial, Helvetica">Trojans</FONT></B></TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"196" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"196" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"196" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"196"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"196" VALIGN=3D"TOP" BGCOLOR=3D"white">
=09=09=09<TABLE BORDER=3D"0" CELLPADDING=3D"0" CELLSPACING=3D"0"=
WIDTH=3D"100%">
<tbody>
=09=09=09=09=09=09=09<TR>
=09=09=09=09=09<TD WIDTH=3D"67%" BGCOLOR=3D"#353DB3"><B><FONT SIZE=3D"2"=
COLOR=3D"white" FACE=3D"Arial,=
Helvetica">JS.StartPage</FONT></B></TD>
=09=09=09=09=09<TD WIDTH=3D"21%" BGCOLOR=3D"#FF6600">
=09=09=09=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" COLOR=3D"white"=
FACE=3D"Arial, Helvetica">Minimal [1]</FONT></B>
=09=09=09=09=09</TD>
=09=09=09=09=09<TD WIDTH=3D"12%" BGCOLOR=3D"#70BC1F">
=09=09=09=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">Script</FONT></B>
=09=09=09=09=09</TD>
=09=09=09=09</TR>
</tbody>
=09=09=09</TABLE>
<FONT SIZE=3D"2" FACE=3D"Arial, Helvetica">JS.StartPage is a Trojan=
horse program, which alters the default home page
=09=09=09of Microsoft Internet Explorer. It sometimes arrives as a file=
with the .hta extension. This file is an HTML application,
=09=09=09and it runs only if the Windows Scripting Host is installed.=
<BR>
=09=09=09<BR>
=09=09=09When JS.StartPage is executed, it makes changes to the=
following registry key:<BR>
=09=09=09<BR>
=09=09=09HKEY_CURRENT_USER\Software\Microsoft\Internet=
Explorer\Main\Start Page<BR>
=09=09=09<BR>
=09=09=09To remove this Trojan:<BR>
=09=09=09<BR>
=09=09=091. Run LiveUpdate to make sure that you have the most recent=
virus definitions.<BR>
=09=09=092. Start Norton AntiVirus (NAV), and run a full system scan,=
making sure that NAV is set to scan all files.<BR>
=09=09=093. Delete any files detected as JS.StartPage.<BR>
=09=09=094. Start Internet Explorer, and reset the home page to one of=
your preference.<BR>
=09=09=09<BR>
=09=09=09</FONT><A=
HREF=3D"http://www.sarc.com/avcenter/venc/data/js.startpage.html">=
<FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">http://www.sarc.com/avcenter/venc/data/js.startpage.h=
tml<BR>
=09=09=09<BR>
=09=09=09</FONT></A><FONT SIZE=3D"2" FACE=3D"Arial, Helvetica">by: Serghei=
Sevcenco<BR>
=09=09=09SARC, APAC</FONT></TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"196"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"196" BGCOLOR=3D"black"> </TD>
=09</TR>
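The registry change described for JS.StartPage can be checked offline against a regedit export of the affected profile. This is an added example, not part of the Symantec newsletter; the approved-host list, the function names and both sample exports are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Key and value named in the JS.StartPage description above.
IE_MAIN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
START_PAGE = "Start Page"

# Hypothetical allow-list of hosts accepted as a home page.
APPROVED_HOSTS = {"intranet.example.invalid"}

# Constructed regedit exports (REGEDIT4 text format), not taken from a real host.
SAMPLE_CLEAN = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://intranet.example.invalid/"
"Local Page"="C:\\WINDOWS\\blank.htm"
'''

# The second key is a decoy: same value name, different key, must be ignored.
SAMPLE_CHANGED = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://unknown.example.invalid/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"Start Page"="http://intranet.example.invalid/"
'''

# One string value in an export: "name"="data", with \\ and \" as escapes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    """Undo the backslash escaping regedit applies inside quoted strings."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Return {key path: {value name: data}} for string values.

    Key paths and value names are lower-cased because the registry
    treats both case-insensitively.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            # "[-KEY]" requests deletion of a key; it carries no values.
            current = None if path.startswith("-") else path.lower()
            if current is not None:
                keys.setdefault(current, {})
            continue
        match = _VALUE_RE.match(line)
        if match and current is not None:
            name = _unescape(match.group(1)).lower()
            keys[current][name] = _unescape(match.group(2))
    return keys


def audit_start_page(export_text, approved_hosts=APPROVED_HOSTS):
    """Return (status, value); status is 'ok', 'changed' or 'missing'."""
    keys = parse_reg_export(export_text)
    value = keys.get(IE_MAIN_KEY.lower(), {}).get(START_PAGE.lower())
    if value is None:
        return ("missing", None)
    if value.lower() == "about:blank":
        return ("ok", value)
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
    except ValueError:
        # Malformed URL: report it rather than guess at the host.
        return ("changed", value)
    if parts.scheme.lower() in ("http", "https") and host in approved_hosts:
        return ("ok", value)
    return ("changed", value)


def is_hta_name(filename):
    """True if Windows would open the file as an HTML application (.hta).

    Win32 path handling drops trailing dots and spaces, so a name such as
    'notes.hta. ' still resolves to 'notes.hta'.
    """
    return filename.rstrip(". ").lower().endswith(".hta")


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("changed", SAMPLE_CHANGED)):
        print(label, audit_start_page(sample))
    for name in ("notes.hta. ", "report.html"):
        print(name.strip(), "->", is_hta_name(name))
```

A "changed" result only says the value is outside the allow-list; it does not identify what wrote it.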
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"><B><FONT SIZE=3D"2"=
FACE=3D"Arial, Helvetica">Symantec Enterprise=
Security</FONT></B></TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"202" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"202" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"202" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"202" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"202" VALIGN=3D"TOP"><FONT SIZE=3D"2"=
FACE=3D"Arial, Helvetica">Visit the Symantec Enterprise Security=
web site; </FONT><A HREF=3D"
http://enterprisesecurity.symantec.com/"><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial,=
Helvetica">http://enterprisesecurity.symantec.com/</FONT></A><FO=
NT SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09<BR>
=09=09=09Recent headlines include:<BR>
=09=09=09Cyber Terror Threatens UK's Biggest Companies; The Guardian=
(London)<BR>
=09=09=09</FONT><A HREF=3D"
http://enterprisesecurity.symantec.com/content.cfm?articleid=3D676"=
><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">http://enterprisesecurity.symantec.com/content.cfm?ar=
ticleid=3D676</FONT></A><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09<BR>
=09=09=09U.S. Legislature Eyes Cybersecurity - Effort Aims to Boost=
Public Trust in Internet; Computerworld<BR>
=09=09=09</FONT><A HREF=3D"
http://enterprisesecurity.symantec.com/content.cfm?articleid=3D677"=
><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">http://enterprisesecurity.symantec.com/content.cfm?ar=
ticleid=3D677</FONT></A><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09<BR>
=09=09=09Denial-of-Service attacks are becoming more common, and your=
Web site could be a target. Find out what you can
=09=09=09do to stay protected in our latest feature article, "Ten=
Steps to Protect Your Enterprise from DoS Attacks."<BR>
=09=09=09</FONT><A HREF=3D"
http://enterprisesecurity.symantec.com/article.cfm?articleid=3D659"=
><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">http://enterprisesecurity.symantec.com/article.cfm?ar=
ticleid=3D659</FONT></A><FONT
=09=09=09SIZE=3D"2" FACE=3D"Arial, Helvetica"><BR>
=09=09=09<BR>
=09=09=09Get the latest enterprise security news delivered straight to=
your inbox. Register for Symantec's free Enterprise
=09=09=09Security newsletters.<BR>
=09=09=09</FONT><A HREF=3D"
https://enterprisesecurity.symantec.com/Content/Subscribe.cfm"><F=
ONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">https://enterprisesecurity.symantec.com/Content/Subsc=
ribe.cfm </FONT></A></TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"202" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"202" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"><A=
NAME=3D"magistr"></A></TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFFBF0"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09</TR>
=09<TR>
=09=09<TD WIDTH=3D"19" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"6" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"1%" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"80%" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00">
=09=09=09<TABLE BORDER=3D"0" CELLPADDING=3D"0" CELLSPACING=3D"0"=
WIDTH=3D"98%">
<tbody>
=09=09=09=09=09=09=09<TR>
=09=09=09=09=09<TD WIDTH=3D"67%" BGCOLOR=3D"#FFCC00"><B><FONT SIZE=3D"2"=
COLOR=3D"black" FACE=3D"Arial,=
Helvetica">W32.Magistr.24876@mm</FONT></B></TD>
=09=09=09=09=09<TD WIDTH=3D"21%" BGCOLOR=3D"#FF6600">
=09=09=09=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" COLOR=3D"white"=
FACE=3D"Arial, Helvetica">Severe [4]</FONT></B>
=09=09=09=09=09</TD>
=09=09=09=09=09<TD WIDTH=3D"12%" BGCOLOR=3D"#70BC1F">
=09=09=09=09=09=09<P ALIGN=3D"CENTER"><B><FONT SIZE=3D"2" FACE=3D"Arial,=
Helvetica">Win32</FONT></B>
=09=09=09=09=09</TD>
=09=09=09=09</TR>
</tbody>
=09=09=09</TABLE>
=09=09</TD>
=09=09<TD WIDTH=3D"4" HEIGHT=3D"20" BGCOLOR=3D"#FFCC00"> </TD>
=09=09<TD WIDTH=3D"2%" HEIGHT=3D"20" BGCOLOR=3D"black"> </TD>
=09</TR>
	<TR>
		<TD WIDTH="80%" HEIGHT="544" VALIGN="TOP" BGCOLOR="white"><FONT SIZE="2" FACE="Arial, Helvetica">W32.Magistr.24876@mm is a polymorphically encrypted, entry point-obscuring, anti-heuristic, anti-debugging, memory resident, parasitic infector of Portable Executable .EXE and .SCR files, with replication across the local area network, mass-mailing capabilities using its own SMTP engine, some highly destructive payloads, an interesting visual effect... and a number of bugs.<BR>
			<BR>
			As an anti-heuristic device, files infected with W32/Magistr do not have their entry point altered. Instead, the virus will save the first 512 bytes of code, and replace them with polymorphic garbage which includes subroutines, jumps, and some Structured Exception Handling tricks to interfere with debuggers and code emulators.<BR>
			<BR>
			The virus will search for .DOC and .TXT files and take words from one of these files for the mail subject and body. It will address the mail to up to 100 recipients whose names are taken from the Windows Address Books (*.WAB), Outlook Message stores (*.DBX, *.MBX), and the Netscape Messenger mail files, and attach an infected .EXE or .SCR.<BR>
			<BR>
			The virus will occasionally copy an infected file into the Windows directory and add a "run=" line to WIN.INI or alter the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run key in the registry to point to the infected file.<BR>
			<BR>
			The virus will search local hard drives and shared network directories and infect .EXE and .SCR files. If the Windows directory is located, then a "run=" line will be added to WIN.INI. It is similar to the replication mechanism of the W32/Cholera worm or the W32/Funlove virus.<BR>
			<BR>
			After one month, the first payload might activate. This payload appears to have been adapted from W32/Kriz or W95/CIH. Under Windows 9x and Windows Me, it will erase the contents of the CMOS memory and flash BIOS, and overwrite a single sector on the first hard disk. Under all platforms, it will delete one in every twenty-five files on every local hard drive and shared network directory, and overwrite every other file with some text.<BR>
			<BR>
			After two months, the second payload will activate which will reposition the desktop icons whenever the mouse pointer approaches, giving the impression that the icons are "running away" from the mouse.<BR>
			<BR>
			[</FONT><I><FONT SIZE="2" FACE="Arial, Helvetica">Editor's Note: The complete article includes a detailed technical description of this virus and will be published in the May Edition of Virus Bulletin, and the SARC web site at http://www.sarc.com/, a short description and removal instructions are also on the site, </FONT></I><A HREF="http://www.sarc.com/avcenter/venc/data/w32.magistr.24876@mm.html"><I><FONT SIZE="2" FACE="Arial, Helvetica">http://www.sarc.com/avcenter/venc/data/w32.magistr.24876@mm.html</FONT></I></A><FONT SIZE="2" FACE="Arial, Helvetica">].<BR>
			<BR>
			by Peter Ferrie<BR>
			SARC, APAC</FONT></TD>
	</TR>
	<TR>
		<TD WIDTH="80%" BGCOLOR="#FFFBF0"> <A NAME="scripting"></A></TD>
	</TR>
	<TR>
		<TD WIDTH="80%" BGCOLOR="#FFCC00"><B><FONT SIZE="2" FACE="Arial, Helvetica">Proactive Detection of Script based viruses and worms</FONT></B></TD>
	</TR>
	<TR>
		<TD WIDTH="80%" HEIGHT="248" VALIGN="TOP"><FONT SIZE="2" FACE="Arial, Helvetica">Virus writers increasingly use scripting technologies such as JavaScript and VBScript to infect computer systems. Script Blocking technology in Norton AntiVirus 2001 v 7.07 monitors scripts and alerts users of virus-like malicious behavior, stopping these viruses before they can infect a system. Some of the most famous and prevalent viruses are script based. For example, VBS.LoveLetterA, VBS.SST@mm, and VBS.BubbleBoy.<BR>
			<BR>
			Script Blocking is a proactive technology that detects script based viruses and worms without the need for signatures. Customers will now have protection against certain types of viruses even before virus definitions have been made available. This technology runs in the background and works in real-time. It is able to detect and stop malicious behavior by monitoring objects used by the Windows Scripting Host. It also prevents Outlook from being remotely controlled. This closes the vulnerability Microsoft's Visual Basic Script (VBS) and Java Script (JScript) have opened.<BR>
			<BR>
			By default none of these objects may be used via a script. This prevents worms like LoveLetter from mass mailing themselves. The specific Outlook behavior that is forbidden is the enumeration of the address book coupled with sending mail. A script or application may do either, but not both. NAV 2001 v7 can be configured to exclude such non-malicious activity by adding these scripts to an exclusion list or using a machine specific authorisation code.<BR>
			<BR>
			by Mark Kennedy<BR>
			SARC, USA.</FONT></TD>
	</TR>
	<TR>
		<TD WIDTH="80%" BGCOLOR="#70BC1F">
			<P ALIGN="CENTER"><A HREF="http://www.sarc.com/avcenter/refa.html"><B><SPAN STYLE="Text-Decoration : None"><FONT SIZE="2" FACE="Arial, Helvetica">SARC Glossary</FONT></SPAN></B></A><B><SPAN STYLE="Text-Decoration : None"><FONT SIZE="2" FACE="Arial, Helvetica"> for definitions of viruses, Trojans and worms and more.</FONT></SPAN></B></P>
		</TD>
	</TR>
	<TR>
		<TD WIDTH="80%" HEIGHT="20" BGCOLOR="#FFCC00"><B><FONT SIZE="2" COLOR="black" FACE="Arial, Helvetica">Contacts and Subscriptions</FONT></B></TD>
	</TR>
	<TR>
		<TD WIDTH="80%" HEIGHT="48" VALIGN="TOP" BGCOLOR="white"><FONT SIZE="1" FACE="Arial, Helvetica">Correspondence by email to: </FONT><A HREF="mailto:sarc at symantec.com"><SPAN STYLE="Text-Decoration : None"><FONT SIZE="1" FACE="Arial, Helvetica">sarc at symantec.com</FONT></SPAN></A><SPAN STYLE="Text-Decoration : None"><FONT SIZE="1" FACE="Arial, Helvetica">, no unsubscribe or support emails please.<BR>
			Follow </FONT></SPAN><A HREF="http://www.sarc.com/avcenter/newsletter_regions/en.html"><FONT SIZE="1" FACE="Arial, Helvetica">this link</FONT></A><SPAN STYLE="Text-Decoration : None"><FONT SIZE="1" FACE="Arial, Helvetica"> to unsubscribe or change your subscription type. <BR>
			Send virus samples to: </FONT></SPAN><A HREF="mailto:avsubmit at symantec.com"><SPAN STYLE="Text-Decoration : None"><FONT SIZE="1" FACE="Arial, Helvetica">avsubmit at symantec.com<BR>
			</FONT></SPAN></A><SPAN STYLE="Text-Decoration : None"><FONT SIZE="1" FACE="Arial, Helvetica">Newsletter Archive: </FONT></SPAN><A HREF="http://www.symantec.com/avcenter/sarcnewsletters.html"><SPAN STYLE="Text-Decoration : None"><FONT SIZE="1" FACE="Arial, Helvetica">http://www.symantec.com/avcenter/sarcnewsletters.html</FONT></SPAN></A></TD>
	</TR>
	<TR>
		<TD WIDTH="80%" HEIGHT="86" BGCOLOR="#FFFBF0">
			<P ALIGN="CENTER"><FONT SIZE="1" COLOR="#000099" FACE="Arial, Helvetica">This is a Symantec Corporation publication, use of requires permission in advance from Symantec. </FONT><FONT SIZE="1" FACE="Arial, Helvetica"><BR>
			</FONT><FONT SIZE="1" COLOR="#003399" FACE="Arial, Helvetica">All information contained in this newsletter is accurate and valid as of the date of issue.<BR>
			Copyright © 1996-2001 Symantec Corporation. All rights reserved.</FONT></P>
		</TD>
	</TR>
</TABLE>
</CENTER>
<P>
</FORM>
</BODY>
</HTML>
--68153787--
--------------420C237FE85D69DE777C4880--
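The W32.Magistr article in the forwarded newsletter names two autostart locations: a "run=" line in WIN.INI and the HKEY_LOCAL_MACHINE Run key. The following is an added example, not part of the newsletter or of any Symantec tool, that lists entries in either place which start an .EXE or .SCR sitting directly in the Windows directory, so they can be reviewed. The function names, the `known_good` list and all sample data are assumptions made for illustration.

```python
import ntpath
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
TARGET_EXTS = (".exe", ".scr")  # file types the article says the virus infects

def win_ini_run_entries(text):
    """Programs named on run= lines in the [windows] section of WIN.INI."""
    section, programs = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "windows" and key.strip().lower() == "run":
            programs += [p for p in re.split(r"[,\s]+", value.strip()) if p]
    return programs

def command_program(cmd):
    """Executable part of a Run value: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""

def review_autostarts(win_ini_text, run_values, windows_dir=r"C:\WINDOWS", known_good=()):
    """(source, program) pairs that start an .EXE/.SCR sitting directly in the
    Windows directory and are not on the reviewer's known-good list."""
    entries = [("WIN.INI run=", p) for p in win_ini_run_entries(win_ini_text)]
    entries += [(RUN_KEY + "\\" + name, command_program(cmd))
                for name, cmd in run_values.items()]
    good = {g.lower() for g in known_good}
    hits = []
    for source, program in entries:
        folder, filename = ntpath.split(program)
        # A bare file name is found through the search path, which includes
        # the Windows directory, so it is treated like an explicit Windows path.
        in_windir = ntpath.normcase(folder) in ("", ntpath.normcase(windows_dir))
        name = filename.lower()
        if in_windir and name.endswith(TARGET_EXTS) and name not in good:
            hits.append((source, program))
    return hits

# Constructed sample data; SAMPLE1/SAMPLE2 are placeholder names, not from the article.
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\SAMPLE1.EXE\n\n[Desktop]\nWallpaper=(None)\n"
SAMPLE_RUN = {"ScanRegistry": r"C:\WINDOWS\scanregw.exe /autorun",
              "Placeholder": r'"C:\WINDOWS\SAMPLE2.SCR"',
              "SystemTray": r"C:\WINDOWS\SYSTEM\systray.exe"}

if __name__ == "__main__":
    for hit in review_autostarts(SAMPLE_WIN_INI, SAMPLE_RUN, known_good={"scanregw.exe"}):
        print(hit)
```

Legitimate programs also start from the Windows directory, so the result is a review list rather than a verdict; on a live system the Run values would be exported from the registry first.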
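The Script Blocking article states its rule as "a script or application may do either, but not both" for address book enumeration and sending mail, with an exclusion list for authorised scripts. The following is an added model of that rule, not Norton AntiVirus code; the event names, class name and sample event stream are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical event names for the two behaviours the article pairs.
ENUMERATE, SEND = "enumerate_address_book", "send_mail"


@dataclass
class MailBehaviourMonitor:
    """Tracks, per script, which half of the forbidden pair has been seen."""
    exclusions: set = field(default_factory=set)  # authorised script paths
    seen: dict = field(default_factory=dict)      # script path -> actions seen

    def __post_init__(self):
        self.exclusions = {path.lower() for path in self.exclusions}

    def check(self, script, action):
        """Return 'allow' or 'block' for one action observed from one script."""
        key = script.lower()
        if key in self.exclusions:
            return "allow"
        actions = self.seen.setdefault(key, set())
        if {ENUMERATE, SEND} <= actions | {action}:
            return "block"   # this action would complete the pair: refuse it
        actions.add(action)
        return "allow"


def replay(events, exclusions=()):
    """Run (script, action) events through a fresh monitor, in order."""
    monitor = MailBehaviourMonitor(set(exclusions))
    return [(script, action, monitor.check(script, action))
            for script, action in events]


# Constructed event stream; paths and ordering are invented for illustration.
EVENTS = [
    (r"C:\TEMP\LETTER.VBS", ENUMERATE),        # address book read: allowed alone
    (r"C:\SCRIPTS\REPORT.VBS", SEND),          # mail sent, no enumeration: allowed
    (r"C:\TEMP\LETTER.VBS", SEND),             # same script now mails: blocked
    (r"C:\SCRIPTS\MAILMERGE.VBS", SEND),
    (r"C:\SCRIPTS\MAILMERGE.VBS", ENUMERATE),  # order reversed: still blocked
]

if __name__ == "__main__":
    for row in replay(EVENTS, exclusions=[r"c:\scripts\mailmerge.vbs"]):
        print(*row)
```

Because a blocked action is not recorded, a script that has enumerated the address book is refused on every later attempt to send, not only the first.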