Date: Tue, 01 Oct 2002 17:36:17 -0400 From: "Michael Walsh" <MJW at mail.press.jhu.edu> To: <wsfalist at keithlynch.net> Subject: [WSFA] FYI: Two new email worms for PC users to beware of Reply-To: WSFA members <WSFAlist at keithlynch.net> The following is from the JHUP IS Dept . . . . Two new mass-mailing worms are spreading rapidly, and we seem to be = receiving copies of at least one of them. Unfortunately, neither seems to = be easily recognizable, so please be extra cautious about clicking on = email attachments unless the email looks legitimate, you are expecting the = attachment, and the attachment looks like what you expected to receive. = If you have any doubts about a particular email, call Information Systems. So far as I know, Norton Antivirus for Email is keeping these worms out of = our GroupWise system, but if you check your email through any other = method, the worm could get through. I could find no description of the emails that carry the first, W32.Opaserv= .Worm. According to the McAfee antivirus website, the second, W32.Bugbear at = MM, "emails itself to addresses found on the local system. The virus code = contains email subject strings and attachment names. However, the majority = of samples received contain information not present in the virus. = Suggesting that there is a higher probability of the virus using words and = filenames contained on the infected system. Possible message subject lines = include the following (however, other random subject lines are also = possible): 25 merchants and rising Announcement bad news CALL FOR INFORMATION! click on this! Correction of errors Cows Daily Email Reminder empty account fantastic free shipping! Get 8 FREE issues - no risk! Get a FREE gift! Greets! Hello! Hi! history screen hmm.. I need help about script!!! Interesting... Introduction its easy Just a reminder Lost & Found Market Update Report Membership Confirmation My eBay ads New bonus in your cash account New Contests new reading News Payment notices Please Help... Re: $150 FREE Bonus! Report SCAM alert!!! Sponsors needed Stats Today Only Tools For Your Online Business update various Warning! wow! Your Gift Your News Alert The message body varies and may contain fragments of files found on the = victim's system. The attachment name also varies, but may contain the = following strings: Card Docs image images music news photo pics readme resume Setup song video It is common for the attachment name to contain a double-extension (ie. = .doc.pif)."