This was received this morning. As the virus is described it has not been listed as a hoax on http://www.symantec.com/avcenter/hoax.html
Sent: Friday, November 08, 2002 10:57 AM
To: All Users
Subject: Virus Warning
Importance: High
*** ATTENTION ALL USERS ***
Please be advised that a widespread e-card (electronic greeting card), that appears to have the characteristics of a worm, has been increasingly reported locally and in fact, has been discovered on our system as well.
This worm is disguised as a greeting card with a subject similar to this: you have a greeting card from . Because it is sent as a link, conventional e-mail anti-virus protection software is unable to detect any abnormalities in the message body and lets the message pass through. Once you click on the link, a script is launched that will attempt to access your contact list and send the same message and link to all valid addresses found. By the time your desktop AV software detects the worm, it has already sent itself to all your contacts.
The worm, as it has been detected on several local business systems, appears to be a variant of a known worm called W32.Friendgreet.worm.
http://securityresponse.symantec.com/avcenter/venc/data/friendgreetings.html
This variant is clever in that it makes you believe that it is valid by indicating a known web address at www.friend-greetings.com but the link actually sends you to a site called friend-greeting.com, which then launches the worm.
If you receive a message similar to that as explained, please DO NOT activate the link. Delete the message immediately or contact an IT Department representative. If the message is from a known source, you may want to contact that individual to inform them that their system has been compromised.
|