DANGEROUS MACRO VIRUS ALERT

Jim Hendee hendee at aoml.noaa.gov
Sat May 27 13:33:44 UTC 2000 

I know this isn't coral-related, but since I run the listserver, I'd hate
to see these viruses propagated via the list, so I'm passing this info on
to you.

	Cheers,
	Jim Hendee

---------- Forwarded message ----------
Date: Sat, 27 May 2000 06:34:54 -0400
Subject: DANGEROUS MACRO VIRUS ALERT

"W97M.Melissa.BG" is a Word 97 macro virus
that has a hostile payload deleting critical system
files and self-propagating itself through e-mail
using Microsoft outlook. The subject of the
e-mail is "Resume - Janet Simons". 

W97M.Melissa.BG a macro virus with a very
distructive payload. When a user opens an infected
document, the virus will attempt to e-mail a
copy of this document to everyone in the user's
address book, using Microsoft Outlook. The
virus also deposites 2 copies of itself. One is
copied to "C:\Data\Normal.dot" and another to 
"C:\WINDOWS\Start Menu\Programs\StartUp\Explorer.doc"

Upon closing the document, the virus attempts
to delete the following files:

"C:\*.*" 
"C:\My Documents\*.*" 
"C:\WINDOWS\*.*" 
"C:\WINDOWS\SYSTEM\*.*"
"C:\WINNT\*.*" 
"C:\WINNT\SYSTEM32\*.*"
and all files in the root directories of drives A
through Z.  (This is especially importatn to users
with network connectivity.)

The body of the hostile e-mail is: 

((QUOTE))
To: Director of Sales/Marketing,

Attached is my resume with a list of 
references contained within. Please 
feel free to call or email me if you 
have any further questions regarding 
my experience. I am looking forward 
to hearing from you.

Sincerely,

Janet Simons.
((UNQUOTE))

Recommended Precautions:
As always, DO NOT open emails or files that appear to have a 
suspicious origin or that contain unusual subject matter.

Familiarize yourself with those filename extensions which can
contain executable content.  Some of those are:

EXE, DOT, DOC, DLL, XLS, PPT, DRV, VBS, VBA,386, ADT, BIN, CBT,
CLA, COM, CPL, DOT, MDB, MSO, OC* and PPT.

If you are a recipient of this particular email, delete the 
mail without opening.

Update your antivirus signatures.

More information about the Coral-List mailing list