TUCoPS :: Malware :: al200007.txt

AusCERT Alert 2000.07 Resume Macro Worm


A  U  S  C  E  R  T                                           A  L  E  R  T
                      AL-2000.07  --  AUSCERT ALERT
                            Resume Macro Worm
                               28 May 2000



	AusCERT has received information of a new variant of the Melissa
	Macro Worm known as W97M.Melissa.BG, ResumeWorm, or W97M.Resume.A.
	This variant attempts to delete crucial system files and all files
	on attached drives the infected user currently has access to.
	The worm propagates itself via e-mail by mailing itself to everyone
	in the Microsoft Outlook Address Book.  In it's current form the
	worm transmits itself in e-mail with a subject of "Resume - Janet
	Simons".  As is typical with this type of incident, there are
	generally numerous mutations of this worm for several weeks
	afterwards.  AusCERT recommends a heightened state of awareness
	and caution with any e-mail attachments that are received in the
	next few weeks.

	AusCERT has received no direct reports of infection among member
	sites within Australia or New Zealand, however we are aware of
	reports of the worm from collaborating security organisations in
	other countries.  We are issuing this warning to draw members'
	attention to the potential for release within Australia and New


	The worm may delete crucial system and data files making systems
	unstable or unusable.  In addition, mail servers may suffer
	increased load as the worm propagates making those servers unstable
	or unusable.  An infected organisation's profile may also be
	damaged due to the organisation being seen as one of the
	propagators of the worm.


	A. User Education

	System Administrators are urged to inform their users about proper
	precautions with regards to handling email attachments.

	AusCERT recommends that sites should update and check their virus
	defenses and either delete or do not open any email messages or
	attachments that resemble the e-mail listed above.

        B. Update Anti-Virus Packages

	System Administrators and Users are urged to ensure that the latest
	Anti-Virus software is installed and it is using the most current
	up-to-date virus databases.

	More information can be found at:


	In addition, the following Microsoft update may be beneficial to
	Outlook users and administrators - "Protect Against Viruses with
	the Outlook E-mail Security Update":


	AusCERT is continuing to monitor this problem. 

- ---------------------------------------------------------------------------
For more information contact please contact your anti-virus vendor.
- ---------------------------------------------------------------------------

[AusCERT issues an alert when the risk posed by a vulnerability that may
not have been thoroughly investigated and for which a work-around or fix
may not yet have been developed requires notification.]

The AusCERT team has made every effort to ensure that the information
contained in this document is accurate at the time of publication. However,
the decision to use the information described is the responsibility of
each user or organisation.  The appropriateness of this document for an
organisation or individual system should be considered before application
in conjunction with local policies and procedures.  AusCERT takes no
responsibility for the consequences of applying the contents of this

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security

AusCERT maintains an anonymous FTP service which is found on:
ftp://ftp.auscert.org.au/pub/.  This archive contains past SERT
and AusCERT Advisories, and other computer security information.

AusCERT maintains a World Wide Web service which is found on:

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
		hours which are GMT+10:00 (AEST).  On call
		after hours for emergencies.
Australian Computer Emergency Response Team
The University of Queensland
Qld  4072

Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH