[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

VIRUS ALERT

To: omega-list@xxxxxxxxxx
Subject: VIRUS ALERT
From: robert.cummings@xxxxxxxxxxxxxxxx
Date: Sat, 25 Nov 2000 01:55:00 -0800

PureBytes Links

Trading Reference Links

A new Internet worm, dubbed Romeo and Juliet, has been given a
low-risk rating by antivirus software companies after it was
discovered last week.

The Trojan horse program, which is hidden in an HTML (hypertext
markup language) format e-mail message, carries two attached files
that are executed automatically when an infected message is opened
on PCs running Microsoft Corp.'s Windows operating system and
e-mail client software such as Outlook.

Unlike the ILOVEYOU Trojan horse program which carried a
destructive load that created havoc throughout the world in May,
Romeo and Juliet is not spreading very quickly and does not contain
a critically-dangerous payload. It has been given a low-risk rating by
leading antivirus companies including Computer Associates
International Inc., F-Secure Corp., Network Associates Inc.'s
McAfee AVERT (Anti-Virus Emergency Response Team) unit and
Trend Micro Inc.
Although this is a low-risk virus in terms of
destruction it is representative of the danger of e-mails of this type.
The danger is that it is not necessary to open an attachment in order
for an infection to occur.

Romeo and Juliet, also known as Verona or BleBla, arrives in an
e-mail message with one of the following subject lines:

"Romeo&Juliet,"
":)))))),"
"hello world,"
"!!??!?!?,"
"subject,"
"ble bla, bee,"
"I Love You;),"
"sorry...,"
"Hey you !,"
"Matrix has you...,"
"my picture" or
"from shake-beer."

When the e-mail message is opened, Windows automatically activates
a script that allows the program to drop the attached MyJuliet.chm
file which then executes the other attached file, called MyRomeo.exe,
that is capable of spreading itself to all e-mail addresses listed in the
Windows Address Book via six SMTP (simple mail transfer protocol)
servers located in Poland, where the virus was first discovered on
Nov. 16.

More information about Romeo and Juliet, and protection advice, can
be found on the antivirus companies' Web sites.

Computer Associates, in Islandia, New York, can be reached at
http://www.cai.com/.
F-Secure, in Espoo, Finland, can be reached online at
http://www.f-secure.com/.
Network Associates, in Santa Clara, California, is reached via the Web
http://www.nai.com/.
Trend Micro, with headquarters in Tokyo, Japan, can be reached at its North
American office in Cupertino, California, at http://www.antivirus.com/.


Robert

Follow-Ups:
- Re: VIRUS ALERT
  - From: Ron Augustine
- Re: VIRUS ALERT
  - From: Gary Fritz

Prev by Date: Re: SO_Security alert
Next by Date: Re: Indicator works in TS4 but not in TS2000
Previous by thread: Virus Alert
Next by thread: Re: VIRUS ALERT
Index(es):
- Date
- Thread