[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lauri pettaiZach Vrooman MSG Code. (safe to open and read in plaintext.)

To: <scirocco-l@scirocco.org>
Subject: Re: lauri pettaiZach Vrooman MSG Code. (safe to open and read in plaintext.)
From: "humpnyomom" <humpnyomom@home.com>
Date: Sun, 7 May 2000 13:22:39 -0400
References: <20000505002407.25058.qmail@web803.mail.yahoo.com>
Sender: owner-scirocco-l@scirocco.org

Can I just delete the kak.hta file and the virus will be gone?

Justin
'86 Scirocco 16v 2.0L
----- Original Message -----
From: Larry Adres <vwnut@yahoo.com>
To: <scirocco-l@scirocco.org>
Sent: Thursday, May 04, 2000 8:24 PM
Subject: Re: lauri pettaiZach Vrooman MSG Code. (safe to open and read in
plaintext.)


> McAfee caught it as soon as I opened the digest. It
> identified it as WScript/Kak.worm.
>
> Wscript.KakWorm - (Aliases: VBS.Kak.Worm,
> Kagou-Anti-Krosoft) This worm spreads using Microsoft
> Outlook Express attaching itself to outgoing messages
> via the Signature feature. The worm utilizes a
> security hole so that viral file is created on the
> system without having to run any attachment. Simply
> reading the received email message will cause the
> virus to be placed on system. Microsoft has patched
> the security hole already, if you have a patched
> versio of Outlook Express, this worm will not affect
> you. The file created by this worm is KAK.HTA. If you
> are infected and it is the lst of the month and the
> hour is 5:00 pm the following message is displayed:
> Kagou-Anti-Kro$oft says not today!. There is NO
> malicious payload. Low Risk Virus
>
> "Low risk" but still not cool.
>
> I guess I better not use Yahoo since there doesn't
> seem to be an option to receive email text-only.
>
> Larry
>
> Gary A. Huff wrote:
>
> >Well this certainly isn't cool. Boy am I glad I
> didn't go upstairs and
> >use my windows machine to read my email....... Here
> is the code from the
> >source of Zack's msg. Even if you don't understand
> it, email should not
> >have references to Autoexec.bat, and something is
> wrong here. Thanks,
>
> >Gary Huff
>
>
> __________________________________________________
> Do You Yahoo!?
> Send instant messages & get email alerts with Yahoo! Messenger.
> http://im.yahoo.com/
>
> --
> Email problems to: scirocco-l-probs@scirocco.org  To unsubscibe send
> "unsubscribe scirocco-l" in the message to majordomo@scirocco.org
>


--
Email problems to: scirocco-l-probs@scirocco.org  To unsubscibe send
"unsubscribe scirocco-l" in the message to majordomo@scirocco.org

Follow-Ups:
- Re: lauri pettaiZach Vrooman MSG Code. (safe to open and read in plaintext.)
  - From: "Lauri Pettai" <lauri.pettai@netexpress.ee>

References:
- Re: lauri pettaiZach Vrooman MSG Code. (safe to open and read in plaintext.)
  - From: Larry Adres <vwnut@yahoo.com>

Prev by Date: autotech/cracked tt cam sprocket
Next by Date: Re: lauri pettaiZach Vrooman MSG Code. (safe to open and read in plaintext.)
Prev by thread: Re: lauri pettaiZach Vrooman MSG Code. (safe to open and read in plaintext.)
Next by thread: Re: lauri pettaiZach Vrooman MSG Code. (safe to open and read in plaintext.)
Index(es):
- Date
- Thread