|
-----BEGIN PGP SIGNED MESSAGE----- =========================================================================== A U S C E R T A L E R T AL-2000.07 -- AUSCERT ALERT Resume Macro Worm 28 May 2000 =========================================================================== PROBLEM: AusCERT has received information of a new variant of the Melissa Macro Worm known as W97M.Melissa.BG, ResumeWorm, or W97M.Resume.A. This variant attempts to delete crucial system files and all files on attached drives the infected user currently has access to. The worm propagates itself via e-mail by mailing itself to everyone in the Microsoft Outlook Address Book. In it's current form the worm transmits itself in e-mail with a subject of "Resume - Janet Simons". As is typical with this type of incident, there are generally numerous mutations of this worm for several weeks afterwards. AusCERT recommends a heightened state of awareness and caution with any e-mail attachments that are received in the next few weeks. AusCERT has received no direct reports of infection among member sites within Australia or New Zealand, however we are aware of reports of the worm from collaborating security organisations in other countries. We are issuing this warning to draw members' attention to the potential for release within Australia and New Zealand. IMPACT: The worm may delete crucial system and data files making systems unstable or unusable. In addition, mail servers may suffer increased load as the worm propagates making those servers unstable or unusable. An infected organisation's profile may also be damaged due to the organisation being seen as one of the propagators of the worm. RECOMMENDATIONS: A. User Education System Administrators are urged to inform their users about proper precautions with regards to handling email attachments. AusCERT recommends that sites should update and check their virus defenses and either delete or do not open any email messages or attachments that resemble the e-mail listed above. B. Update Anti-Virus Packages System Administrators and Users are urged to ensure that the latest Anti-Virus software is installed and it is using the most current up-to-date virus databases. More information can be found at: http://www.sarc.com/avcenter/venc/data/w97m.melissa.bg.html http://vil.nai.com/villib/dispvirus.asp?virus_k=98661 http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=W97M_RESUME.A http://www.nipc.gov/alert00-045.htm In addition, the following Microsoft update may be beneficial to Outlook users and administrators - "Protect Against Viruses with the Outlook E-mail Security Update": http://officeupdate.microsoft.com/2000/articles/out2ksecarticle.htm AusCERT is continuing to monitor this problem. - --------------------------------------------------------------------------- For more information contact please contact your anti-virus vendor. - --------------------------------------------------------------------------- [AusCERT issues an alert when the risk posed by a vulnerability that may not have been thoroughly investigated and for which a work-around or fix may not yet have been developed requires notification.] The AusCERT team has made every effort to ensure that the information contained in this document is accurate at the time of publication. However, the decision to use the information described is the responsibility of each user or organisation. The appropriateness of this document for an organisation or individual system should be considered before application in conjunction with local policies and procedures. AusCERT takes no responsibility for the consequences of applying the contents of this document. If you believe that your system has been compromised, contact AusCERT or your representative in FIRST (Forum of Incident Response and Security Teams). AusCERT maintains an anonymous FTP service which is found on: ftp://ftp.auscert.org.au/pub/. This archive contains past SERT and AusCERT Advisories, and other computer security information. AusCERT maintains a World Wide Web service which is found on: http://www.auscert.org.au/. Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for emergencies. Postal: Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 AUSTRALIA -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key iQCVAwUBOXXWJyh9+71yA2DNAQGwlwQAlBKbv5Z/yQ7XD9i0wBjJC0pcUj1092/A HwQYgBzGaHdzLT17KJocpdHq27CvQGv3KkjUr5m7ZPOErQAP3bRzyVWG3uMsayer nFYx+QeypcO8hTH+f26bCasGSUEQ8Itxw/KSdV/32BTEfE9BLcfUrOxD3ZCuwugS NjJ2taVeLps= =b9Xl -----END PGP SIGNATURE-----