LR- virus

Cantley_Tim at emc.com Cantley_Tim at emc.com
Fri Feb 16 08:01:53 PST 2001 

I just love it when you talk techie.  Gives me goose bumps ;)

Sean

> -----Original Message-----
> From:	Baron Rozell [SMTP:ack3 at airmail.net]
> Sent:	Friday, February 16, 2001 10:54 AM
> To:	loch-ruadh at ansteorra.org
> Subject:	Re: LR- virus
> 
> Captain Bjorn said something like:
> I didn't get a virus alert per say, but I did pick up a script error
> message
> in one of the posts to this list.
> 
> The message sounded alot like(however not identical to) the message you
> get
> when the kak worm tries to infest your computer.  You would only get the
> message if you have the patch installed that fixes the hole in MS outlook
> express.
> --------------------------
> 
> It was indeed the kak virus. Here is some info about it from the nai
> website(http://download.nai.com/products/mcafee-avert/JsKak.htm). It also
> gives instructions on how to get rid of the virus and some pretty
> technical
> information about it.  If anyone has any questions about this information
> or
> has the virus and would like help in getting rid of it, or would like to
> see
> what the virus code looks like, feel free to contact me at
> ack3 at airmail.net
> .
> 
> 
> JS/Kak at M is a virus that spreads via email. This type of virus is also
> referred to as a 'worm'.  The virus code is a simple script, which can be
> found encapsulated inside HTML formatted messages.  If you receive an
> infected message (in HTML format) and your system has no virus protection
> in
> place, one of two events will take place.
> 1) If you have Internet Explorer 5 with Windows Scripting Host installed
> and
> your mail system is Outlook Express 5, the virus will install itself on
> your
> machine and all your outgoing HTML messages will contain a copy of the
> virus.
> 
> 2) If you do not have the Windows Scripting Host installed or your mail
> system is not Outlook Express 5, then your outgoing messages will remain
> clean. However, if you reply, forward, or redirect an infected message in
> HTML format and include the original message, you will pass the virus
> along
> to other recipients.
> 
> Despite the high level of security options in the configuration of the
> Internet Explorer 5, the virus uses a security hole, which allows it to
> execute itself silently. Microsoft calls this flaw "script.typelib/Eyedog"
> Vulnerability (MS99-032) and offers a patch to stop it.
> Details about the security hole:
> http://www.microsoft.com/technet/security/bulletin/ms99-032.asp
> Download of US and localized versions:
> http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
> 
> 
> 
> 
> ==========================================================================
> ==
> Go to http://lists.ansteorra.org/lists.html to perform mailing list tasks.
============================================================================
Go to http://lists.ansteorra.org/lists.html to perform mailing list tasks.

More information about the Loch-Ruadh mailing list