[Dshield] Virus identity

Anu Nayar anu.nayar.j8nl at statefarm.com
Thu Nov 7 00:04:21 GMT 2002


Name: W32.Brid.A@mm
Category: 2
Virus Definitions: November 4, 2002 (US Pacific Time)
Type: Worm
Aliases: PE_BRID.A [Trend], W32/Braid@mm [McAfee], W32/Braid-A [Sophos],
Win32.Braid.A [CA]


W32.Brid.A@mm is a mass-mailing worm that includes a slightly modified
variant of W32.FunLove.4099. When executed, W32.Brid.A@mm will attempt to
insert several files on the system, as well as mass-mail itself. The worm
contains its own SMTP engine, and it will attempt to get the address of the
email server and contact it directly. The email will contain the attachment
"Readme.exe".

The worm uses a known exploit in Internet Explorer, "Incorrect MIME Header
can cause IE to Execute E-mail attachment".

NOTE: Norton AntiVirus will detect the W32.Funlove.4099 virus with
definitions dated November 8, 1999, or later.

-----Original Message-----
From: BrowderC at vab.alliedtech.com [mailto:BrowderC at vab.alliedtech.com]
Sent: Wednesday, November 06, 2002 8:44 AM
To: list at dshield.org
Subject: [Dshield] Virus identity


Is there somewhere I can send a suspected file to have it checked to see if
it's some new form of virus or a mod of an old virus?  We received emails
from the Univ. of Maryland with a Readme.exe file attached.  It passed
through our Gauntlet firewall and InocuLan desktop virus program no problem.
(emails with executables are sometimes needed in our business so we don't
disable all .exe files) One of our users ran it and I'm not sure if it
infected him or not.  A scan of his system still shows no virus.  The only
anomaly is that his msconfig file has been modified and Outlook shuts down
when he tries to open new mail via the new mail notification.

TIA,
Chuck B.
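
A gateway-side check for the situation described in this thread, where .exe attachments must stay allowed but an executable hiding behind an incorrect MIME header should not pass. This is an added example, not part of either message; the extension list, the accepted-type list and the `audio/x-wav` declaration in the sample are assumptions constructed for illustration, since the post does not say which header the worm sends.

```python
import os
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Assumed site policy lists, not taken from the original post.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}
EXPECTED_TYPES = {"application/octet-stream", "application/x-msdownload"}

# Constructed sample: one part declares an audio type for an .exe, one is a plainly labelled .exe.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: audio/x-wav; name="Readme.exe"
Content-Disposition: attachment; filename="Readme.exe"

placeholder body (constructed)
--b1
Content-Type: application/octet-stream; name="setup.exe"
Content-Disposition: attachment; filename="setup.exe"

placeholder body (constructed)
--b1--
"""

def attachment_names(part):
    """Return every file name the part advertises (Content-Disposition and Content-Type)."""
    raw = (part.get_param("filename", header="content-disposition"),
           part.get_param("name"))
    return [collapse_rfc2231_value(n) for n in raw if n]

def flag_mismatched_attachments(raw_message):
    """List (filename, declared_type) for executable names under a non-executable MIME type."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        declared = part.get_content_type()
        for name in attachment_names(part):
            ext = os.path.splitext(name.strip().lower())[1]
            if ext in EXECUTABLE_EXTS and declared not in EXPECTED_TYPES:
                findings.append((name, declared))
                break  # one finding per part is enough
    return findings

if __name__ == "__main__":
    for name, declared in flag_mismatched_attachments(SAMPLE):
        print(f"quarantine: {name} declared as {declared}")
```

The honestly labelled `setup.exe` part is left alone, so a site that needs executables by mail can keep accepting them while quarantining the mismatched part.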
