X-Message-Number: 18676
Date: Thu, 28 Feb 2002 20:39:28 -0700
Subject: Ettinger has been sending some of us the W32/ worm
References: <> <>
From: (Tim Freeman)

My employer has good virus checking code installed, so I copied an infected email from Ettinger dated February 23 to my work machine and up popped a window exactly diagnosing the problem. Network Associates Inc. VirusScan NT 4.0.3a says it is infected with the W32/ virus. Documentation for the worm is at:

http://securityresponse.symantec.com/avcenter/venc/data/

The described symptoms are entirely consistent with the observed behavior of the worm in the emails I've seen (at least three now, one directly from Ettinger and two via other people). The worm apparently *does* function under Windows 2000. A free disinfection utility is at:

http://www.sophos.com/support/faqs/magbremove.html

although I can't vouch for it because I have not run it.

If you ran an unsolicited executable file that Ettinger sent you, you will want to disinfect your machine. The worm has heuristics for detecting lawyers and judges and it tries to bite them especially hard. Search the web to find more.

I'm sure this is not malicious on Ettinger's part at all. The worm sends itself from Ettinger's machine; he does not need to actually do anything to propagate it beyond running it the first time.

--
Tim Freeman ; formerly