Date: Thu, 07 Mar 2002 10:20:03 -0500
From: "Michael Walsh" <MJW at mail.press.jhu.edu>
To: <WSFAlist at keithlynch.net>
Subject: [WSFA] Worm news
Reply-To: WSFA members <WSFAlist at keithlynch.net>

This is from the JHUPress IS dept, they have never sent out a false-alarm =
or a warning about a fake virus.

Can't imagine why Keith is happy about being Microsoft free . . . look at =
all of the "fun" he's missing . . . <g>.

Anyway, here's the news:

This one is not yet highly rated by Symantec, but it's sneaky enough to =
justify sending advance warning.

According to Symantec, "W32.Gibe at mm is a worm that uses Microsoft Outlook =
and its own SMTP engine to spread. This worm arrives in an email message--w=
hich is disguised as a Microsoft Internet Security Update--as the =
attachment Q216309.exe."

"The fake message, which is not from Microsoft, has the following =
characteristics:

From: Microsoft Corporation Security Center
Subject: [WSFA] Internet Security Update
Message:
Microsoft Customer,
this is the latest version of security update, the update which eliminates =
all known security vulnerabilities affecting Internet Explorer and MS =
Outlook/Express as well as six new vulnerabilities
.
.
.
How to install
Run attached file q216309.exe
How to use
You don't need to do anything after installing this item."

Norton Antivirus for Email Gateways should now be protecting our Groupwise =
system from this worm, but if you check email at work using any other =
method, the worm could get through. As always, please beware of attachments=
 unless you are expecting them and know exactly what they are.  At home =
and at work, beware of running attached executable (program) files that =
are attached to emails!