the virus comes as an attachment claiming to be a screensaver. here is an exact copy of the message i recieved...
(sorry about the language in the attachment, but i figured that i should leave just how i got it)anoukzeinstra
----- Original Message -----
From: "urfriend" < [email protected] >
To: < [email protected] >
Sent: Sun,16 Feb 2003 22:01:52 PM
Subject: Cool stuff to ur friends
attachment: fucker.scr
This e-mail is never sent unsolicited. If you need to unsubscribe,
follow the instructions at the bottom of the message.
***********************************************************
Enjoy this friendship Screen Saver and Check ur friends circle...
Send this screensaver from www.shakinglove.com to everyone you
consider a FRIEND, even if it means sending it back to the person
who sent it to you. If it comes back to you, then you'll know you
have a circle of friends.
* To remove yourself from this mailing list, point your browser to:
http://shakinglove.com/remove?freescreensaver
* Enter your email address ([email protected]) in the field provided and click "Unsubscribe".
OR...
* Reply to this message with the word "REMOVE" in the subject line.
This message was sent to address [email protected]
X-PMG-Recipient: [email protected]
<>>> <>>> <>>> <>>> <>>> <>>> <>>> <>>> <>>> <>>>
please not how this email tries to look professional in this line...
i haven't checked this site yet (not till i get my old computer on the net) but i can almost garuntee you that the site given is also infected, and with the good old charms of HTML and JAVA, the virus could be downloaded to your computer without your knowledge.* To remove yourself from this mailing list, point your browser to:
http://shakinglove.com/remove?freescreensaver
* Enter your email address ([email protected]) in the field provided and click "Unsubscribe".
OR...
* Reply to this message with the word "REMOVE" in the subject line.
Do NOT be fooled by the sender name, for it (just like the Klez@mm virus) has the ability to create a random sender name. Also, like the Klez@mm virus, it attempts to whack out your antivirus program. The virus in this email IS picked up by hotmail's antivirus scanning program, but if you are using Outlook or Yahoo or whatever, chances are it won't.
-------------------------------------------------------------------------------------
brief overview...
NAME:
Macaffee knows it as: W32/YAHA.G@MM
Norton knows it as: w32.YAHA.F@MM
trend: WORM_YAHA.E
Vexira: Worm/Lentin.F
F-Secure: Yaha.E
Sophos: W32/Yaha-E
TYPE: worm
systems NOT affected: Macintosh, UNIX, Linux
-------------------------------------------------------------------------------------
for more info on...
this virus visit:
http://securityresponse.symantec.com/av ... [email protected]
the Yaha removal tool visit:
http://securityresponse.symantec.com/av ... .tool.html
the w32.klez virus visit:
http://securityresponse.symantec.com/av ... [email protected]
-------------------------------------------------------------------------------------
Richard
PS: idea for new forum: Virus Alert. I can post info on viruses that i have encountered, or do research on viruses that other people have and want removed.
