Office of Information Technology
Home
Calendar
Map
 Home
 Computing
Library
Search

Security: How-To Guides

Security Home Statistics Virus/AntiVirus Policies &tc How-To Guides Get Our Attention
Quick Find
Yaha.K / Lentin.H Worm (12-21-2002)

Summary
Affects:

All Windows Operating Systems
Type: Worm
Threat: Typically replicates over email (mass-mailings)
Fix: McAfee with DAT 4239 (or greater)

What to Do Next

Update McAfee DAT to most recent available
Return to Top


Lioten/Iraq_oil Worm (12-16-2002)

Summary
Affects:

Windows 2000 and XP

Specifically, Sophos (see Sophos's full report) notes that Lioten :

  • can neither run on nor break into Windows 95/98/Me computers;
  • can run on but not break into Windows NT computers;
  • can run on and break into Windows 2000 and Windows XP computers.
Type: Worm
Threat: Typically replicates over network shares (via SMB)
Look for email attachment file called iraq_oil.exe
Fix: McAfee with DAT 4239 (or greater)


Official Releases

Vendor Reports

McAfee's report Outbound Link
F-Secure's description Outbound Link
Sophos' s analysis Outbound Link


What to Do Next

Update McAfee DAT to most recent available
Return to Top


Opaserv Worm and Variants (09-28-2002)

Summary
Affects:

All Windows Operating Systems, but especially pre-NT-kernel-based
Type: Worm
Threat: Typically replicates over network shares (via NetBIOS)
Look for email attachment / screensaver-mimic worm file called scrsvr.exe
Fix:

McAfee with DAT 4231 (or greater)

Download and install appropriate patches

'Share Level Password' Vulnerability

Patch for Windows 95/98/ME Outbound Link


Official Releases

Vendor Reports

McAfee's report Outbound Link
Sophos's analysis Outbound Link
Microsoft's Official Announcements & Press Releases

Patch Available for 'Share Level Password' Vulnerability: Microsoft Security Bulletin (MS00-072) Outbound Link


What to Do Next

Update McAfee DAT to most recent available
Return to Top


Caric-A / MyLife.b Worm (03-21-2002)

Summary
Affects:

Only Windows Operating Systems running Outlook
Type: Worm
Threat: Typically replicates over email, sending to all addresses in both the Outlook Address book and the MSN Messenger contact list
Look for email attachment VBS file called cari.scr
Fix: McAfee with DAT 4193 (or greater)


Official Releases

Vendor Reports

McAfee's report Outbound Link

Sophos's analysis Outbound Link

External Articles

The Register's article Outbound Link


What to Do Next

Update McAfee DAT to most recent available


Gibe Worm (03-04-2002)

Summary
Affects:

All Windows Operating Systems
Type: Worm
Threat: Typically replicates over email
"This mass-mailing worm masquerades as a Microsoft Security Update patch (named Q216309.EXE) in order to dupe users into executing it."
Fix: McAfee with DAT 4190 (or greater)


Official Releases

Vendor Reports

McAfee's report Outbound Link

Excerpt: "This mass-mailing worm masquerades as a Microsoft Security Update patch (named Q216309.EXE) in order to dupe users into executing it."


What to Do Next

Update McAfee DAT to most recent available


"My Party" Worm (01-28-2002)

Summary
Affects:

All Windows Operating Systems
Type: Worm
Threat: Typically replicates over email;
Drops a BackDoor trojan file (BackDoor-FB.svr.gen)
Fix: McAfee with DAT 4184 (or greater)


Official Releases

Vendor Reports

McAfee's report Outbound Link


What to Do Next

Update McAfee DAT to most recent available


OIT Security: Footer
NOTE: " Outbound Link" Indicates a link to an external (non-UMBC)

Last modified: 2/3/2003
Office of Information Technology • Main Office: ECS 125 • Phone: 410-455-3838 • Email: oit@umbc.edu