Tech Alert Briefing for 2/20/2002
Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm
An email appearing to be sent from a legitimate security site, Trojaner-Info [webmaster@trojaner-info.de], is being used to deliver a dangerous new worm named Yarner (w32.yarner.a@mm).The subject of the infected e-mail reads "Trojaner-Info Newsletter [Current Date]", but instead of an informative newsletter, unwitting recipients actually receive a Windows PE EXE file about 434K in size, written in Delphi.Once executed, the worm deletes the Windows directory on infected computers and uses its own e-mail engine to send copies of itself to others.
Currently, the infections are limited to Germany, however, a several virus companies are warning that a new variation could be produced in English or any other language.
Users of Microsoft Outlook 2002 and users of Outlook 2000 who have installed the Security Update should be safe from opening the attached file with Yarner. Users who have not upgraded to Outlook 2002 or who have not installed the Security Update for Outlook 2000 should do so. In general, do not open attached files in e-mail without first saving them to hard disk and scanning them with updated antivirus software.
Additional information can be found from:
Red Siren Technologies
Symantec Security Response.
FFIEC Suggests Information Assurance Sites for Tracking IT Security Vulnerabilities and Threats
The FFIEC issued an alert to financial institutions recommending that their IT and Information Security personnel monitor several government sites for detailed detailed information regarding system and product vulnerabilities, mitigation procedures, and links to vendor information in relation to SNMP vulnerabilites.
Financial institutions also should contact their information technology service providers and software vendors directly to ascertain that they are assessing SNMP vulnerabilities in their products and taking steps to mitigate risks.
Previous Tech Alerts:
02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings
02/13/02 SNMP VULNERABILITY
02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks
02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000
01/31/02 Copycat Virus Unleashed
01/30/02 Netscape Browser Vulnerable to Cookie Theft
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed