Guest guest Posted May 3, 2001

I just received this update from InoculateIT today and thought I would pass it on because of all the problems that have been coming up lately. Don't these people who create these viruses have anything better to do? Maybe they could put their energies into solving the autism question!

--Betty

=============================================
E-News: InoculateIT Personal Edition AntiVirus Newsletter from Computer Associates
Version 01.12 | May 2, 2001
via www: http://esupport.ca.com
=============================================
Table of Contents
- VBS/Helper.Worm
- InoculateIT Personal Edition AntiVirus Update Number 1200 available
=============================================
VBS/Helper.Worm (also known as VBS.Helper)
=============================================
VBS/Helper.Worm

Helper is a new virus that also has worm capabilities, found in the wild in China. It spreads through the Outlook Express mail client and also infects files with extensions .HTM and .HTT on the system.

Once activated, the worm creates copies of itself as HELP.VBS, HELP.HTA, HELP.HTM, and UNTITLED.HTM under the Windows directory. It then registers UNTITLED.HTM as Stationery for Outlook Express by adding the following registry keys:

HKEY_CURRENT_USER\Identities\ \Software\Microsoft\Outlook Express\5.0\Mail\, "Message Send HTML"
HKEY_CURRENT_USER\Identities\ \Software\Microsoft\Outlook Express\5.0\Mail\, "Compose Use Stationery"
HKEY_CURRENT_USER\Identities\ \Software\Microsoft\Outlook Express\5.0\Mail\, "Stationery Name"

Any new mail composed after infection will have the virus embedded as Visual Basic Script in the message body.

HELP.HTM will be registered as wallpaper by adding the following key:

HKEY_CURRENT_USER\Control Panel\desktop\wallPaper

It will run help.htm if the active desktop is enabled.

As a virus, it appends itself to host files, increasing their size by 9,900 bytes.

=============================================
VIRUS UPDATE 1200
=============================================
The latest AntiVirus Update has been uploaded to the Computer Associates web site for you to download.

To download the new signature files for IPE without going through your Web browser, you can use the new "Auto Download" feature inside IPE (Tools, AutoDownload) or the AutoDownload application to check for updated signatures, download, and install them.

Alternatively, the update file can be obtained at the following URL:
http://antivirus.ca.com/cgi-bin/ipe/update.cgi

It is recommended that once you have downloaded and installed an update that you do a virus scan of all the files on your system and create a new reference disk for your system.

We recommend that you keep your anti-virus protection up-to-date at all times by ensuring you are running the most up-to-date anti-virus software (Current IPE version 5.2) and the latest update kit. These update kits are cumulative: therefore the latest update kit includes everything from all previous update kits as well as the new virus information. These update kits are NOT complete versions of IPE but an update which will allow version 5.2 to detect and clean the latest viruses.

=============================================
Additional information on viruses, worms, and Trojans can be found at

Computer Associates Virus Information Center:
http://www.ca.com/virusinfo/

Carnegie Mellon Software Engineering Institute (CERT® Coordination Center):
http://www.cert.org/advisories/
=============================================
To subscribe to this or other newsletters, go to http://esupport.ca.com/index.html?ENews. You can unsubscribe from the same E-News page or by sending an email to mailto:listserv@... with 'signoff enews_ipe' in the message body.

This newsletter contains practical tech support information about relevant issues with our products.
=============================================
Feedback? Comments? Suggestions? Send mailto:editor_ipe@.... All submissions become the property of the publisher and may or may not be reprinted.

NOTE: This address should be used only for feedback on this newsletter. Requests for technical support should be submitted through normal channels.
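Added example, not part of the original post or the newsletter: a Python check that looks for the indicators the newsletter lists (the four dropped file names, the Outlook Express stationery value, the wallpaper value, and the 9,900-byte growth of .HTM/.HTT files) in a registry export and file listings. The sample export, the identity placeholder, the value data and all function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

DROPPED = {"HELP.VBS", "HELP.HTA", "HELP.HTM", "UNTITLED.HTM"}  # names from the newsletter
GROWTH = 9900  # bytes added to an infected .HTM/.HTT host, per the newsletter
OE_MAIL = re.compile(r"^HKEY_CURRENT_USER\\Identities\\[^\\]*\\Software\\Microsoft"
                     r"\\Outlook Express\\5\.0\\Mail$", re.I)
DESKTOP = r"hkey_current_user\control panel\desktop"

# Constructed sample export; the identity id and all value data are made up.
SAMPLE_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Identities\{PLACEHOLDER-IDENTITY}\Software\Microsoft\Outlook Express\5.0\Mail]
"Message Send HTML"=dword:00000001
"Compose Use Stationery"=dword:00000001
"Stationery Name"="C:\\WINDOWS\\UNTITLED.HTM"

[HKEY_CURRENT_USER\Control Panel\desktop]
"wallPaper"="C:\\WINDOWS\\HELP.HTM"
"""
SAMPLE_FILES = ["WIN.INI", "help.vbs", "HELP.HTA", "NOTEPAD.EXE"]  # constructed listing

def parse_reg(text):
    """Yield (key, value_name, data) from REGEDIT-style export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]*)"=(.*)$', line)):
            name, data = m.groups()
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1].replace("\\\\", "\\")  # undo .reg escaping
            yield key, name, data

def find_indicators(reg_text, windows_dir_listing):
    """Return (kind, detail) pairs for the indicators the newsletter lists."""
    hits = []
    for key, name, data in parse_reg(reg_text):
        target = PureWindowsPath(data).name.upper()
        if OE_MAIL.match(key) and name.lower() == "stationery name" and target == "UNTITLED.HTM":
            hits.append(("stationery", data))
        if key.lower() == DESKTOP and name.lower() == "wallpaper" and target == "HELP.HTM":
            hits.append(("wallpaper", data))
    hits += [("file", f) for f in windows_dir_listing if f.upper() in DROPPED]
    return hits

def grown_hosts(baseline, current):
    """.HTM/.HTT files whose size rose by exactly GROWTH bytes since the baseline."""
    return sorted(p for p, size in current.items()
                  if p.lower().endswith((".htm", ".htt")) and size - baseline.get(p, size) == GROWTH)
```

A name match alone is weak evidence; weigh a file hit together with the registry values and the size change.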