Guest guest Posted December 19, 2001 Report Share Posted December 19, 2001 A new virus that Symantec has identified as genuine...see http://securityresponse.symantec.com/avcenter/venc/data/w32.reeezak.amm (DOT) htm l *************************************88 Reeezak worm offers holiday jeers By Sam Costello, IDG News Service (Dec. 19, 2001) A new mass-mailer worm that offers New Year's greetings and what appears to be a Christmas-related animation but actually attempts to delete large portions of the Windows operating system was spreading in Europe today, according to a virus alert by Computer Associates International Inc. The worm, called Reeezak, appears in in-boxes with the subject line " Hi and a message that reads " I can't describe my feelings, but all I can say is Happy New Year :-) Bye, " according to Ian Hameroff, business manager for security solutions at CA in Islandia, N.Y. An attachment called Christmas.exe accompanies the e-mail and appears to be a Macromedia Inc. Flash animation, Hameroff said. When the attachment is double-clicked, the worm sends itself to all addresses listed in the user's address book and tries to delete all the files in the Windows directory as well as disabling some keys on the keyboard, he said. The worm only affects users of Microsoft Corp.'s Outlook or Outlook Express e-mail clients, according to Hameroff. Though the worm has shown up only in Europe so far, as the business day begins in the U.S., copies of it will likely begin to appear in corporate mailboxes, Hameroff said. Other antivirus companies report different effects from double-clicking on Reeezak. Symantec Corp., in a virus alert posted on its Web site, said the worm also tries to spread using the mIRC (Internet Relay Chat) application or through shared folders. Symantec also reported that the worm attempts to delete antivirus programs. To avoid infection, users are cautioned not to open unexpected attachments, and companies should block many e-mail attachments, including .exe files. Users should also check with their antivirus vendor for updated virus protection. ************************* Symantec says...... W32.Reeezak.A@mm Discovered on: December 19, 2001 Last Updated on: December 19, 2001 at 05:45:33 AM PST W32.Reeezak.A@mm is a mass-mailing worm that uses Microsoft Outlook and MSN Messenger. The worm will have the following characteristics: Subject: Hii Body: I can't describe my feelings But all i can say is Happy New Year bye Attachment: Christmas.exe In addition, the worm modifies the Internet Explorer start page to a malicious homepage. This webpage uses an Internet Explorer exploit to create a VBScript file on the system which then spreads itself via network shares and mIRC. The script file also attempts to delete common antivirus products. Symantec Security Response is currently analyzing this worm. Also Known As: W32.Zacker.C@mm, W32.Maldal.C@mm Type: Worm Infection Length: 37,376 Virus Definitions: December 19, 2001 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.