Virus Warnings from July 2000
______________________________________________________________
[Jump to Amiga] [Jump to Windows] [Jump to Mac] [Jump to Misc]
______________________________________________________________
Amiga
No virus warnings from July 2000
Top of Page
Windows
Date: July 30, 2000
CAI Newsletter Date: July 28, 2000
Platform: PC
Warning About: WScript/Kak.B worm (aka Kak.B and Days)
Report From: CAI
* Release Note: Kak.B is a variant of the original
wide-spread Kak.A worm that appeared in late 1999.
Kak.A and Kak.B are Outlook spreading e-mail worms
that exploit a security hole in Internet Explorer 4
and 5. The worm arrives in an e-mail without
attachment and is invoked by just reading the e-mail.
The worm installs its code as Outlook signature and
will attach itself mostly unnoticed to any outgoing
e-mail. It is frequently found in infected messages
on the Usenet newsgroups.
* Click for CAI Virus Information Center
* Click for CAI Managing Virus Incidents
Date: July 26, 2000
NAI Posting Date: July 24, 2000
Platform: PC
Warning About: W97M/Timeless Macro Virus
Report From: NAI
* Release Note: This virus is a class module macro virus
that infects Word97/2000 documents and templates, and
contains a date activated payload.
* Click for NAI Report on W97M/Timeless
Date: July 26, 2000
NAI Posting Date: July 21, 2000
Platform: MS Windows
Warning About: W32/Dilbert Internet Worm
Report From: NAI
* Release Note: This is a dangerous Internet worm which
also carries four date activated payloads of dropping
copies of other viruses. This worm may arrive via email
as an attachment named "dilbertdance.jpg.exe".
* Click for NAI Report on W32/Dilbert Internet Worm
Date: July 26, 2000
CIAC Posting Date: July 21, 2000
Platform: Microsoft Excel 2000, Microsoft PowerPoint 97
and 2000 and Microsoft Internet Explorer 5.5,
5.01 SP1, 5.01, 4.01 SP2
Warning About: Microsoft "Office HTML" & "IE" Script
Vulnerabilities
Report From: CIAC
* Release Note: The first set of vulnerabilities allows
malicious script code on a web page to cause a remotely
hosted file to be saved on a visiting user's hard drive.
The second vulnerability allows malicious script code
on a web page to execute a VBA macro code in a remotely
hosted file. Apply the patches and the workaround as
outlined in the CIAC K-061 Information Bulletin.
* Click for CIAC Report and Solutions in K-061
Date: July 26, 2000
Posting Date: July 19, 2000
Platform: Users of Outlook Express versions 4.0, 4.01,
5.0, 5.01 and Users of Outlook versions 97,
98, 2000M
Warning About: Outlook Security Bug
Report From: CIAC and AISS
* Release Note: A serious bug has been exposed in Microsoft's
Outlook and Outlook Express e-mail clients. Microsoft has
identified a buffer overflow vulnerability that occurs
when downloading e-mail. The buffer overflow can occur
even if the user does not open or preview the e-mail
message. Upgrade the software as directed in the CIAC
K-060 Information Bulletin.
* Click for CIAC Report on MS E-Mail Header Vulnerability
* Click for AISS Report about Outlook Security Bug
Date: July 7, 2000
Platform: Windows System
Warning About: Nsi: Word 97 macro virus
Report From: F-Secure
* Release Note: Nsi: Word 97 macro virus disables the
built in macro virus protection and replicates during
opening and closing.
* Click for F-Secure Report about Stages VBS worm
Date: July 7, 2000
Platform: Windows System
Warning About: X97M/Divi is an Excel macro virus
Report From: F-Secure
* Release Note: When an infected workbook is opened,
this macro virus creates an infected workbook to the
Excel's startup directory, "BASE5874.XLS".
* Click for F-Secure Report about Excel macro virus
Date: July 5, 2000
Platform: Windows System
Warning About: Jer: VBScript worm
Report From: F-Secure
* Release Note: Once excuted, the worm copies itself to
the Windows System directory as "jer.htm". It modifies
the registry, disables several components from the Windows
desktop, and also replaces the "script.ini" from the mIRC
directory.
* Click for F-Secure Report about Jer: VBScript worm
Date: July 4, 2000
Platform: All Microsoft systems, except for Windows 2000,
running MSIE 4.0 to 5.01
Warning About: MS "Active Setup Download" Vulnerability
Report From: CIAC Information Bulletin K-057 (30-jun-2000)
* Release Note: The Microsoft Active Setup Control has an
internal flaw which allows the downloading of a trusted
'.cab' file to any disk location.
Install the Microsoft patch.
* Click for CIAC Report about Setup Vulnerability
Date: July 4, 2000
Platform: Microsoft Internet Explorer
Notice About: Patch for Active Setup Download Vulnerability
Report From: Microsoft TechNet Security (29-jun-2000)
* Release Note: Microsoft has released a patch that eliminates
a security vulnerability in an ActiveX control that ships
with Microsoft® Internet Explorer. The vulnerability could be
used to overwrite files on the computer of a user who visited
a malicious web site operators site.
* Click for full report at MS about Patch
Top of Page
Macintosh
No virus warnings from July 2000
Top of Page
Miscellaneous
Date: July 25, 2000
Platform: Windows 95 files in PE format.
Warning About: CIH virus infection on the Net * UPDATE
Report From: Charlene, VirusChecker2 List Moderator
* Release Note: I have been unable to find any information
that this is a 'legit' happening, ie. www . download . com
is infected with the CIH virus. I think (personally)
since nothing was found on the security sites about this
latest outbreak on the web site above, all may be okay
there, and not a threat at all. The last CIH warning on
the AISS site was from 24-April-2000, and there has been
no update saying that CIH has been causing problems.
* Click for Network Associates Description of CIH
Date: July 25, 2000
Platform: Possibly any system
Warning About: CIH virus infection on the Net
Report From: Alex, Programmer of VirusCheckerII
* Release Note: I just picked up this note from Alex,
the programmer of the Amiga VirusCheckerII viri
checking program:
: All files from www.download.com are infected
: by the CIH virus.
: don't open just forward
I'm not quite sure what the "don't open just forward"
means, but possibly it means, -not- to go to that
URL, period.
Date: July 12, 2000
Platform: Systems running Microsoft SQL Server 7.0, or
Enterprise Manager
Warning About: MS "DTS Password" Vulnerability
Report From: CIAC Information Bulletin K-059
* Release Note: A malicious user may gain unauthorized
access to an SQL database to review/add/delete
information in the data base.
* Click for CIAC Report about DTS Password Vulnerability
Date: July 12, 2000
Platform: Windows System
Warning About: Stages: Visual Basic Script worm
Report From: F-Secure
* Release Note: VBS/Stages is a mass mailer which
spreads over e-mail in an attachment with SHS
extension.
* Click for F-Secure Report about Stages VBS worm
Date: July 8, 2000
Platform: Windows Scripting Host (WSH)
Warning About: VBS/COD Internet worm
Report From: NAI
* Release Note: This is an Internet worm written in
VBScript and embedded within a Word document. This
worm may arrive by MAPI email or on IRC chat from
infected users. Read the full report for information
and links on how to protect yourself, and recommended
updates.
* Click for NAI Report on VBS/COD Internet worm
Date: July 5, 2000
Platform: Windows System and Outlook
Warning About: Pica: worm written in VBScript
Report From: F-Secure
* Release Note: When executed the worm copies itself to
the Windows System directory as "Ds9.vbs". Then it
modifies the registry, and also the worm will send itself
to every recipient in every addressbook using Outlook.
* Click for F-Secure Report about Pica worm
Date: July 4, 2000
Platform: Windows Scripting Host (WSH)
Warning About: VBS/Pica.g Alias: Sillyworm.vbs
Report From: NAI
* Release Note: This is an Internet worm which can send itself
via MAPI email and to IRC channels via a modified mIRC
configuration file. Visit NAI for Removal Instructions.
* Click for NAI Report on VBS/Pica.g
Back to the Virus Archives page