19 December 2001 Security Advisory

Today, December 19, 2001, another virus was discovered. The W32.Reeezak.A@mm worm is a mass 
mailing worm that uses Microsoft Outlook and MSN Messenger. Its mission is to delete antivirus 
software from the infected machine. In addition, the worm modifies the Internet Explorer start 
page to a malicious homepage. This webpage uses an Internet Explorer exploit to create a 
VBScript file on the system which then spreads itself via network shares and mIRC. The script 
file also attempts to delete common antivirus products.

This is what the infected email message looks like:

Subject: Hi (or Hii)

Body: I can't describe my feelings
But all i can say is
Happy New Year :)
bye

Attachment: Christmas.exe

   * If you get this message, DO NOT OPEN IT, DELETE IT AS SOON AS YOU      SEE IT.
   * If you get a message with Christmas.exe as an attachment (even with a different 
   subject 
   and title), delete the email. 

Security Analysts and antivirus specialists are currently analyzing the virus.

Recommendation: update your virus signatures from your antivirus software vendor and 
scan your disk.
If you do not have antivirus software, go buy one, it only costs about $20/year.

Your privacy is important to me. No one on this list can see your email address.
If you want to be removed from this list, just hit the reply button and include 
the word "remove " at the top of the message.

Happy and Safe Holidays!

Fredo Martin
Free Information Security Seminar -- details at www.workingarts.com