From rhoskins@home.com Wed Sep 22 19:06:37 1999 Received: from mxu3.u.washington.edu (mxu3.u.washington.edu [140.142.33.7]) by lists.u.washington.edu (8.9.3+UW99.09/8.9.3+UW99.08) with ESMTP id TAA63218 for ; Wed, 22 Sep 1999 19:06:36 -0700 Received: from mail.rdc1.wa.home.com (imail@ha1.rdc1.wa.home.com [24.0.2.66]) by mxu3.u.washington.edu (8.9.3+UW99.09/8.9.3+UW99.08) with ESMTP id TAA18910 for ; Wed, 22 Sep 1999 19:06:36 -0700 Received: from c501522a ([24.5.121.123]) by mail.rdc1.wa.home.com (InterMail v4.01.01.00 201-229-111) with SMTP id <19990923020635.DPFK14188.mail.rdc1.wa.home.com@c501522a> for ; Wed, 22 Sep 1999 19:06:35 -0700 Message-ID: <014101bf0568$43b905c0$7b790518@olmpi1.wa.home.com> From: "Dick Hoskins" To: Subject: Fw: virus alert Date: Wed, 22 Sep 1999 19:06:35 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 > Virus alert from McAfee. > > VIRUS ALERT - W97M/Suppl > > W97M/Suppl is a new Internet worm, discovered 9/17/99 by AVERT's Virus > Patrol. AVERT has assigned it a MEDIUM risk assessment, and placed it on the > AVERT Watch List. Like W32/Ska, it attempts to infect other computers by > attaching itself (as the file SUPPL.DOC) to outgoing email messages using > SMTP protocol. If you receive an email with an attachment called SUPPL.DOC, > DO NOT OPEN the attachment. Delete it immediately. > > W97M/Suppl has a destructive payload: At infection, the virus replaces the > existing WSOCK32.DLL file with a new version that contains a trojan. > Approximately 163 hours (6.79 days) after initially infecting the local > machine, the corrupted WSOCK32.DLL will seek all files within all fixed > drives with the following extensions and null them (similar to > W32/ExploreZip): .doc, .xls, .txt, .rtf, .dbf, .zip, .arj, .rar, *.* > > > > > .