[ESIP-all] BEWARE: NEW VIRUS!

Patricia Reiff reiff@ruf.rice.edu
Fri, 22 Nov 2002 11:37:15 -0600


A new virus out there.  I've gotten three so far... all with bogus 
return addresses!  this is from our local virus gurus.  McAfee is 
working on a solution now.



SUMMARY:

A variant of the Bride virus is bypassing our server-based e-mail virus
scanners. If you receive a message with an attachment called "README" or
"README.EXE", do NOT open the attachment. Simply delete the message.

DETAILS:

Hi all. Well, this morning we find that e-mail virus scanning isn't a
panacea for all virus problems. Some variant of the "Bride" virus
appears to be passing through our e-mail virus scanners. It's a nasty
virus that sends e-mail that looks like:

    Hello,

    Product Name: <infected operating system>
    Product Id: <Microsoft product key of infected OS>

    Process List: <list of processes on infected system>

This message includes an attachment called README.EXE. If you open the
attachment, it will infect your system. Like Klez and others, the From
address is forged. So don't bother complaining to the person who sent
it.

Because this virus variant is very new, we do not have updated e-mail
virus scanning on the mail servers yet. But our system admins are
diligently working on it. So please bear with us and simply delete the
indicated messages until correct detection is in place.

Thanks,