March 3, 11:19 a.m.   -- W32.Beagle.K@mm

A new virus, W32.Beagle.K@mm, has been identified today by our anti-virus provider, Symantec. Currently, we are waiting for Symantec to provide new virus definitions to prevent this virus. We expect the virus definitions to be available fairly soon. However, to prevent further spread of this virus, we will be quarantining all attachments with the .zip file extension until we can update the virus definitions.

Email carrying this virus has entered the Hospital email system. The email will look similar to the email below and contain a .zip attachment. Please DO NOT open the attachment; delete these emails. Please pass this information on to all hospital employees.

  Dear user of "Mcvh-vcu.edu" mailing system,

We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.

Further details can be obtained from attached file.

For security purposes the attached file is password protected. Password is "80600".

Kind regards,

The Mcvh-vcu.edu team http://www.mcvh-vcu.edu

 

Your continued understanding and support will help us provide you a safe and secure working environment.

 

 

Feb. 25, 6:06 PM  -- W32.Netsky.B@mm

The Information Services Department is currently monitoring a new mass-mailing worm named W32.Netsky.C@mm. Much like the most recent viruses, W32.Netsky.C@mm "spoofs" e-mail addresses, so return e-mails, such as "undeliverable" notices, are being sent to unsuspecting third parties around the Internet. If you receive a returned e-mail that you did not author, do not be alarmed; just delete the email.

W32.Netsky.C is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning hard drives and mapped drives. This worm also searches drives C through Z for folder names containing "Shar" and then copies itself to those folders.

The Virus definitions are currently being updated on all the Hospital Workstations. The Hospital Lotus Email system has updated the virus definitions and has scanned all mail files for this virus. Emails may have been removed from your mail file if a virus was detected and quarantined. No new emails with this virus will be able to enter the Hospital Email system.

NOTE: The Hospital Email System currently does not accept attachments with the following file extensions: pif, exe, scr, vbs, vbx, sys, com, bat, dll, dbx, eml, hlp, htm, and mht. The W32.Netsky.C@mm virus, as well as the last 6 most recent viruses, was emailed with the .ZIP file extension, which we currently do allow into the Hospital Email System. The Lotus Email Team continually assesses our vulnerability to viruses stemming from email attachments with the .zip file extension. It is our goal not to reject .zip attachments, but this will only be possible if our users use caution when opening emails that contain attachments with the .zip file extension. The best rule for attachments is not to open them unless you are expecting them.

In this day of advanced viruses, we will need to be more pro-active to prevent our organization from being adversely affected. Thus, we will continue to limit the types of attachments we allow into the organization, and will continue to scan all emails for malicious code. Your continued understanding and support will help us provide you a safe and secure working environment.

 

Feb. 18, 6:06 PM  -- W32.Netsky.B@mm

The VCU Health System has been subjected to a Mass-Mailing worm (W32.Netsky.B@mm) that uses its own SMTP engine (protocol to send mail over the internet) to attach files to e-mail addresses and hard drives. It also searches for Shared drives for access and storage.

NOTE: We updated our workstation client and server definitions from Symantec (specific software to catch the worm or virus) this morning at 10:00 AM but the definition update from Symantec to catch this worm was not available until this afternoon. We were also subjected to the worm around 2:30 PM this afternoon.

Please Notify All Staff: DO NOT OPEN ATTACHMENTS ON ANY Work or Personal E-MAIL account, SHARED OR HOME DRIVE IF IT MEETS THE FOLLOWING CRITERIA! DELETE the message immediately!

Most of the files begin something like the following:

Subject (one of the following):

  • hi
  • hello
  • read it immediately
  • something for you
  • warning
  • information
  • stolen
  • fake
  • unknown

Message (one of the following):

  • anything OK?
  • what does it mean?
  • ok
  • i'm waiting
  • read the details.
  • here is the document.
  • read it immediately!
  • my hero
  • here
  • is that true?
  • is that your name?
  • is that your account?
  • i wait for a reply!
  • is that from you?
  • you are a bad writer
  • I have your password!
  • something about you!
  • kill the writer of this document!
  • i hope it is not true!
  • your name is wrong
  • i found this document about you
  • yes, really?
  • that is bad
  • here it is
  • see you
  • greetings
  • stuff about you?
  • something is going wrong!
  • information about you
  • about me
  • from the chatter
  • here, the serials
  • here, the introduction
  • here, the cheats
  • that's funny
  • do you?
  • reply
  • take it easy
  • why?
  • thats wrong
  • misc
  • you earn money
  • you feel the same
  • you try to steal
  • you are bad
  • something is going wrong
  • something is fool

Attachment Name (one of the following):

  • document
  • msg
  • doc
  • talk
  • message
  • creditcard
  • details
  • attachment
  • me
  • stuff
  • posting
  • textfile
  • concert
  • information
  • note
  • bill
  • swimmingpool
  • product
  • topseller
  • ps
  • shower
  • aboutyou
  • nomoney
  • found
  • story
  • mails
  • website
  • friend
  • jokes
  • location
  • final
  • release
  • dinner
  • ranking
  • object
  • mail2
  • part2
  • disco
  • party
  • misc

Please Note that you may not see the .exe extension for the executable files.

THE FOLLOWING FILES ARE SENT:

The worm places the following files on shared drives and sends e-mail attachments with them.

We will be taking the Shared and Home drives down immediately to clean infected directories containing the following files.

  • doom2.doc.pif
  • sex sex sex sex.doc.exe
  • rfc compilation.doc.exe
  • dictionary.doc.exe
  • win longhorn.doc.exe
  • e.book.doc.exe
  • programming basics.doc.exe
  • how to hack.doc.exe
  • max payne 2.crack.exe
  • e-book.archive.doc.exe
  • virii.scr
  • nero.7.exe
  • eminem - lick my pussy.mp3.pif
  • cool screensaver.scr
  • serial.txt.exe
  • office_crack.exe
  • hardcore porn.jpg.exe
  • angels.pif
  • porno.scr
  • matrix.scr
  • photoshop 9 crack.exe
  • strippoker.exe
  • dolly_buster.jpg.pif
  • winxp_crack.exe
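
The extension block list in the Feb. 25 note and the disguised file names listed above can be checked together at the mail gateway. The following is an added example, not the Hospital's own filter: the reject/quarantine/deliver verdicts, the function names and the sample message are assumptions. It goes one step beyond the notices by also reading the member names inside .zip attachments, which stay readable under standard ZIP password protection.

```python
import io
import zipfile
from email.message import EmailMessage

# Extensions the notice lists as rejected by the hospital mail system.
BLOCKED = set("pif exe scr vbs vbx sys com bat dll dbx eml hlp htm mht".split())

def extensions(name):
    """All extensions of the base name, lower-cased: 'a.doc.exe' -> ['doc', 'exe']."""
    base = (name or "").replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .").lower()
    return base.split(".")[1:]

def verdict(name, data=b""):
    """Return (action, reason); the action names are assumptions, not the page's."""
    exts = extensions(name)
    if exts and exts[-1] in BLOCKED:
        kind = "multiple extensions" if len(exts) > 1 else "blocked extension"
        return "reject", f"{kind}: .{'.'.join(exts)}"
    if exts and exts[-1] == "zip":
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).infolist()
        except zipfile.BadZipFile:
            return "quarantine", "unreadable archive"
        for m in members:
            if (extensions(m.filename) or [""])[-1] in BLOCKED:
                return "reject", f"archive contains {m.filename}"
        if any(m.flag_bits & 0x1 for m in members):  # bit 0: member is encrypted
            return "quarantine", "password-protected archive cannot be scanned"
    return "deliver", "no blocked type found"

def scan_message(msg):  # maps attachment file name -> verdict
    return {p.get_filename(): verdict(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments()}

def sample_message():
    """Constructed sample: a disguised executable, a zip hiding a .scr, a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("details.txt.scr", b"constructed placeholder bytes")
    binary = dict(maintype="application", subtype="octet-stream")
    msg = EmailMessage()
    msg.set_content("here is the document.")
    msg.add_attachment(b"placeholder", filename="dictionary.doc.exe", **binary)
    msg.add_attachment(buf.getvalue(), filename="message.zip", **binary)
    msg.add_attachment("meeting minutes", filename="notes.txt")
    return msg

if __name__ == "__main__":
    print(scan_message(sample_message()))
```

Trailing dots and spaces are stripped before the check because Windows ignores them when opening a file, so "matrix.scr. " is treated the same as "matrix.scr".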

If you have any questions, please call the help desk at 828-6447.


Maintained by: Amy Herrmann, Information Systems
Revised: March 03, 2004
