Virus Warnings from June 2000
______________________________________________________________
[Jump to Amiga] [Jump to Windows] [Jump to Mac] [Jump to Misc]
______________________________________________________________
Amiga
Date: June 21, 2000
Platform: Amiga
Warning About: Motaba linkvirus
Report From: Virus Help Denmark
* Release Note: A new linkvirus has been found, it is
named "Motaba" at this time none of the big antivirus
programs can find and remove this virus, But a new
update if "Safe" has been released today (v13.5), and
it can detect this new linkvirus.
* Webmasters Note: Once the new update of "Safe" is
available, it will be announced on the news page, and
available for download on the downloads page. At the
time of the vht-dk notice, the new v13.5 update to Safe
was not available. Sorry.
Date: June 5, 2000
Platform: Amiga
Warning About: TCP Trojan's on the wild
Report From: Virus Help Denmark
* Release Note: Today vht-dk recived information from Zbigniew
`Zeeball` Trzcionkowski the programmer of "SAFE", that there
is some new TCP trojan on the loose. Please read the full text
that Zbigniew wrote, found in the vht-dk89 Read Me file.
So to be sure please check your system for:
LIBS:rexxfunc.library size: 1136
LIBS:rexxfifo.library size: 1136
L:wb.handler size: 4716
C:mount (is bigger)
...and wait for new xvs.library from Alex van Niel.
* Click here for VHT-DK Virus Warning vht-dk89
Top of Page
Windows
Date: June 29, 2000
Platform: PC DOS, and Windows 95/98
Warning About: Trojan.BAT Simpsons
Report From: F-Secure
* Release Note: This is simple BAT trojan that deletes all
files on C:, A:, B: and D: drives. The Simpsons vandal
is a Trojan, usually arriving by e-mail. Only DOS, and
Windows 95/98 can be damaged because this vandal uses the
DOS DELTREE.EXE command, not found in Windows NT/2000.
* Click for F-Secure Report about Simpsons Trojan
* Click for AISS Report about Simpsons Trojan
* Click for NAI Report about Simpsons Trojan
Date: June 29, 2000
Platform: Microsoft Windows NT 4.0, Windows 2000
Warning About: HP Web JetAdmin Vulnerability
Report From: CIAC Information Bulletin K-055
* Release Note: A security vulnerability has been
identified by Hewlett-Packard in which certain
malformed URLS can stop Web JetAdmin 6.0 service.
Install Web JetAdmin 6.0 (6.0.1233)
* Click for CIAC Report about Security Vulnerability
Date: June 28, 2000
Platform: PC
Warning About: Software bugs in Microsoft IE, Outlook
Report From: CNET News.com
* Release Note: Microsoft is investigating a trio of software
bugs that analysts say could open the door to "Love"
bug-grade security scenarios. The security holes affect
combinations of Microsoft products.
* Click for CNET News report about MS Software bugs
Date: June 20, 2000
Platform: PC
Warning About: Life_Stages Worm
Report From: F-Secure
* Release Note: VBS/Stages is a Visual Basic Script
worm. It is a mass mailer which spreads over e-mail
in an attachment with SHS extension.
* It is important to note that, by default, Windows
operating systems are configured to hide the ".SHS"
file extension from the user.
* Click for full report at F-Secure about Life_Stages Worm
Date: June 20, 2000
Platform: PC users of Windows 95/98
Warning About: VBS.Shortcut Vandal
Report From: Aladdin Internet Security Solutions (AISS)
* Release Note: This is a VBScript vandal arriving as an
e-mail attachment like some other recent vandals. It
spreads using MS Outlook.
* Click for full report at AISS about Shortcut Vandal
Date: June 19, 2000
Platform: PC
Warning About: life_stages.txt.shs Infections
Report From: CERT/CC
* Release Note: On June 16th, CERT/CC began to receive
reports of computers running versions of Microsoft
Windows being infected by a malicious program named
"life_stages.txt.shs". This is a Shell Scrap Object
file, typically a file type used with OLE objects,
that contains a malicious VBScript program. It is
important to note that, by default, Windows operating
systems are configured to hide the ".SHS" file extension
from the user.
* Click for full report at CERT about SHS Infections
Date: June 19, 2000
Platform: PC
Warning About: HHCtrl ActiveX Control
Report From: CERT/CC
* Release Note: HHCtrl ActiveX Control Allows Local
Files to be Executed. This HHCtrl ActiveX control
has a serious vulnerability that allows remote
intruders to execute arbitrary code, if the intruder
can cause a compiled help file (CHM) to be stored
"locally."
* Click for full report at CERT about HHCtrl ActiveX Control
Top of Page
Date: June 15, 2000
Platform: PC
Warning About: Fake First Aid 6.03 Upgrade
Report From: NAI
* Release Note: AVERT received a copy of a message which
could be distributed across the Internet containing a
hyperlink to download a "compatibility upgrade" for
First Aid, however the link downloads the remote
access trojan known as Sub7 (BackDoor-G2).
* Click for full report at NAI about Fake First Aid Upgrade
Date: June 15, 2000
Platform: PC
Warning About: Patch for "Desktop Separation" Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Revision - MS has released a patch that
eliminates a securit vulnerability in MS Windows2000.
The vulnerability could allow a malicious user to gain
additional privileges on a machine that he could log
onto at the keyboard.
* Click for full report at MS about Patch
Date: June 14, 2000
Platform: PC
Warning About: Patch for "DTS Password" Vulnerability
Report From: Microsoft TechNet Security
* Release Note: Microsoft has released a patch that eliminates
a security vulnerability in a component that ships with
Microsoft. SQL Server 7.0. If the component is configured
improperly, the vulnerability could allow passwords to be
compromised.
* Click for full report at MS about Patch
Date: June 14, 2000
Platform: PC
Warning About: Panther
Report From: F-Secure
* Release Note: W97M/Panther is a Word 97 macro virus,
which infects the global template when an infected
document is opened. Then it disables the built-in
macro virus protection.
* Click for full report at F-Secure about Panther
Date: June 11, 2000
Platform: PC
Warning About: Serbian Vandal
Report From: Aladdin Internet Security Solutions (AISS)
* Release Note: The Serbian-Badman vandal was announced
and discussed extensively in the media, but in practice
it caused no known damages.
* Click for full report at AISS about Serbian Vandal
Top of Page
Date: June 10, 2000
Reported on: June 7, 2000
Platform: PC
Warning About: Melissa Variant: Melissa.AO
Report From: F-Secure
* Release Note: W97M/Melissa.AO uses Outlook to send
email message. The payload activates at 10am on 10th
day of each month when the virus inserts the following
text to the active document: Worm! Let's We Enjoy.
* Click for full report at F-Secure about Melissa
Date: June 9, 2000
Platform: Systems with MIT-derived implementations of the
Kerberos 4 KDC and 5 KDC enabled to handle krb4
ticket requests
Warning About: MIT Kerberos Vulnerable to DoS Attacks
Report From: CERT/CC
* Release Note: The CERT Coordination center posted that MIT
reports of several potential buffer overflow vulnerabilities
in the Kerberos authentication software.
* Click for full report at CERT about Vunerable AttacksE
Date: June 9, 2000
Platform: PC
Warning About: Downloader Variant: LoveLetter.AS
Report From: F-Secure
* Release Note: Downloader trojan was found on 7 June 2000.
It has been posted to several newsgroups as
"QuickFlick.mpg.exe".
* Click for full report at F-Secure abot Downloader
Date: June 9, 2000
Platform: PC
Warning About: LoveLetter Variant: LoveLetter.AS
Report From: F-Secure
* Release Note: VBS/LoveLetter.AS spreads messages with
the following certain characteristics. This variant has
an additional payload. It activates September 17th.
* Click for full report at F-Secure about LoveLetter
Date: June 8, 2000
Platform: PC
Warning About: VBS/Gorum.a
Report From: NAI
* Release Note: NAI says AVERT is analyzing this file and
will have a description shortly.
* Click for full report at NAI about VBS/Gorum.a
Date: June 8, 2000
Platform: PC
Warning About: Remote Registry Access Authentication
Report From: Microsoft TechNet Security
* Release Note: Patch Available for "Remote Registry Access
Authentication " Vulnerability.
* Click for full report at MS about Patch
Top of Page
Date: June 6, 2000
Platform: PC
Warning About: QDel104
Report From: NAI
* Release Note: This Visual Basic program was posted to
a newsgroup as an update to Dr. Web Antivirus. However
it is a file deletion trojan.
* Click for full report at NAI about QDel104
Date: June 6, 2000
Platform: Systems running Microsoft Internet Explorer
Warning About: Inconsistent Warning Messages in Internet Explorer
Report From: CERT/CC
* Release Note: Several flaws exist in Microsoft Internet
Explorer that could allow an attacker to masquerade as a
legitimate web site if the attacker can compromise the
validity of certain DNS information.
* Click for full report at CERT about Warning Messages in MSIE
Date: June 5, 2000
Platform: PC
Warning About: SSL Certificate Validation
Report From: Microsoft TechNet Security
* Release Note: Patch Available for "SSL Certificate
Validation" Vulnerabilities
* Click for full report at MS about Patch
Date: June 2, 2000
Platform: PC
Warning About: HTML Help File Code Execution?
Report From: Microsoft TechNet Security
* Release Note: Patch Available for "HTML Help File Code
Execution? " Vulnerability
* Click for full report at MS about Patch
Date: June 2000
Platform: PC
Warning About: Eudora Light for Windows
Report From: TCFN News, May-June 2000
* Release Note: There could be a potential security
problem with Eudora Light for Windows. While it won't open
attachments automatically, it may disguise a link to an
attachment within the text of a message, so that you could
run a program on your computer without knowing it!
* Click for info and fix at CNet News for Eudora Light
Top of Page
Macintosh
No virus warnings from June 2000
Top of Page
Miscellaneous
Date: June 12, 2000
Platform: PC
Warning About: Potential 'attack' software planted
Report From: ZDNet
* Release Note: Network Security has found software implanted
in thousands of computers that could be activated for a
denial of service attack.
* Click for full report at zdNet about 'attack' software
Date: June 6, 2000
Platform: PC
Warning About: Timofon
Report From: F-Secure
* Release Note: This is a simple VBS e-mail chain letter,
much like the LoveLetter worm. What makes this virus
special is that it sends SMS short messages to GSM phones.
Messages are sent to random numbers via a SMS gateway at
Movistar.net.
* Click for full report at F-Secure about Timofon
Date: June 5, 2000
Warning Released: May 30, 2000
Platform: UNIX
Warning About: Flaw in PGP 5.0 Key Generation
Report From: CERT/CC
* Release Note: UNIX systems having a /dev/random device
running any version of PGP 5.0, including U.S. Commercial,
U.S. Freeware, and International versions. Under certain
circumstances, PGP v5.0 generates keys that are not
sufficiently random, which may allow an attacker to predict
keys and, hence, recover information encrypted with that
key.
* Click for full report at CERT about Flaw in PGP 5.0 Key Generation
Date: June 2, 2000
Platform: UNIX, Windows NT, Windows 95/98:
Warning About: Permissions Problems with FrontPage Extensions
Report From: CIAC Information Bulletin K-048
* Release Note: Permission settings on FrontPage Extensions
may allow defacements of web pages. A remote user may
deface web pages of any given site when the permissions
are not set properly.
* Click for full report at CIAC about MS FrontPage Extensions
Back to the Virus Archives page