LR- virus
Baron Rozell
ack3 at airmail.net
Fri Feb 16 07:54:18 PST 2001
Captain Bjorn said something like:
I didn't get a virus alert per say, but I did pick up a script error message
in one of the posts to this list.
The message sounded alot like(however not identical to) the message you get
when the kak worm tries to infest your computer. You would only get the
message if you have the patch installed that fixes the hole in MS outlook
express.
--------------------------
It was indeed the kak virus. Here is some info about it from the nai
website(http://download.nai.com/products/mcafee-avert/JsKak.htm). It also
gives instructions on how to get rid of the virus and some pretty technical
information about it. If anyone has any questions about this information or
has the virus and would like help in getting rid of it, or would like to see
what the virus code looks like, feel free to contact me at ack3 at airmail.net
.
JS/Kak at M is a virus that spreads via email. This type of virus is also
referred to as a 'worm'. The virus code is a simple script, which can be
found encapsulated inside HTML formatted messages. If you receive an
infected message (in HTML format) and your system has no virus protection in
place, one of two events will take place.
1) If you have Internet Explorer 5 with Windows Scripting Host installed and
your mail system is Outlook Express 5, the virus will install itself on your
machine and all your outgoing HTML messages will contain a copy of the
virus.
2) If you do not have the Windows Scripting Host installed or your mail
system is not Outlook Express 5, then your outgoing messages will remain
clean. However, if you reply, forward, or redirect an infected message in
HTML format and include the original message, you will pass the virus along
to other recipients.
Despite the high level of security options in the configuration of the
Internet Explorer 5, the virus uses a security hole, which allows it to
execute itself silently. Microsoft calls this flaw "script.typelib/Eyedog"
Vulnerability (MS99-032) and offers a patch to stop it.
Details about the security hole:
http://www.microsoft.com/technet/security/bulletin/ms99-032.asp
Download of US and localized versions:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
============================================================================
Go to http://lists.ansteorra.org/lists.html to perform mailing list tasks.
More information about the Loch-Ruadh
mailing list