ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Winevar worm on the loose

Graham Hayday Silicon.com

Published: 27 Nov 2002 17:21 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Antivirus vendors are warning email users to watch out for a fast-spreading and potentially destructive worm, known as WORM_WINEVAR.

According to Trend Micro several cases have already been reported in France and Spain. MessageLabs first spotted the worm on 22 November and has seen around 300 copies in the last 24 hours.

It runs on all Windows platforms and propagates itself using its own Simple Mail Transfer Protocol (SMPT) engine, and sends emails to addresses it gathers from HTML files on the infected system.

According to Sophos, infected emails are likely to have the following characteristics:

From: (defaults to "AntiVirus")
Subject: (defaults to "Trand Microsoft Inc.")
Message text: " - "
Attached files:
- WINXXXX.TXT (12.6 KB) MUSIC_1.HTM
- WINXXXX.GIF (120 BYTES) MUSIC_2.CEO
- WINXXXX.PIF

The worm sends email using a known exploit that causes the attachment to automatically execute when the message is viewed or previewed on Internet Explorer-based email clients, such as Microsoft Outlook and Outlook Express.

It is capable of terminating certain monitoring programs and antivirus products from memory.

If an infected machine is restarted, WINEVAR displays the message: "Make a fool of oneself: What a foolish thing you've done!"

If the 'OK' button is pressed the worm deletes all deletable files in all folders.

Raimund Genes, president of European operations, Trend Micro, said in a statement: "This illustrates that computer users should not be lulled into a false sense of security by the relative lack of virus activity over the last few months. This time the virus writers have hit back with a particularly destructive worm, against which users can protect themselves -- by deploying an up-to-date anti-virus software and by being vigilant."

Antivirus firms such as Symantec, Kaspersky and Sophos have posted further information and protection. See your antivirus vendor's Web site for more information.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
46 out of 95 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

McAffee Anti-Virus Rollout Engineer (Field Based)

My West Midlands based client has a requirement for 2 Engineers to rollout McAfee Anti-Virus on to 600+ desktops at multiple sites throughout the ...

Technical Support Engineer Windows XP 2003, Microsoft Outlook, LANs, WANs, DNS,

Technical Support Engineer Windows XP 2003, Microsoft Outlook, LANs, WANs, DNS, - Lambeth - 2198 RM helps to push the boundaries of technology to ...

IBM Websphere Message Broker- Flow Developer- ESQL JAVA

IBM Websphere Message Broker (WBIMB) Flow Developer (ESQL or JAVA) urgently required by my West Midlands client for a short term contract. You will ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

The Google Apple Merger: Fantasy or Fu...

The Google Apple Merger: Fantasy or Future? Author: Eric Everson, Founder MyMobiSafe.com Market research suggests that Microsoft controls upwards of 90% of the respective computer-based... More

1 comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers