X-Message-Number: 18676
Date: Thu, 28 Feb 2002 20:39:28 -0700
Subject: Ettinger has been sending some of us the W32/ worm

References: <> 
<>
From:  (Tim Freeman)

My employer has good virus checking code installed, so I copied an
infected email from Ettinger dated February 23 to my work machine and
up popped a window exactly diagnosing the problem.  Network Associates
Inc. VirusScan NT 4.0.3a says it is infected with the W32/
virus.  Documentation for the worm is at:


   
   " + s3 + ""); ">http://securityresponse.symantec.com/avcenter/venc/data/
   
The described symptoms are entirely consistent with the observed
behavior of the worm in the emails I've seen (at least three now, one
directly from Ettinger and two via other people).  The worm apparently
*does* function under Windows 2000.  A free disinfection utility is
at:

   http://www.sophos.com/support/faqs/magbremove.html

although I can't vouch for it because I have not run it.  If you ran
an unsolicited executable file that Ettinger sent you, you will want
to disinfect your machine.  The worm has heuristics for detecting
lawyers and judges and it tries to bite them especially hard.  Search
the web to find more.

I'm sure this is not malicious on Ettinger's part at all.  The worm
sends itself from Ettinger's machine; he does not need to actually do
anything to propagate it beyond running it the first time.

-- 
Tim Freeman       
; formerly 

Rate This Message: http://www.cryonet.org/cgi-bin/rate.cgi?msg=18676