At Thursday 03:53 PM 3/9/00 , Hermann Wecke wrote:
At 15:28 09/03/2000 -0500, Kai Schlichting wrote:
Can someone with a lucky hand in Visual Basic actually tell us what the trojan attachment we saw (LINKS2.VBS) we saw (full mail headers included, in case Shawn hasn't seen them yet) actually does.
Check at NAI:
http://vil.nai.com/vil/vbs10225.asp <http://vil.nai.com/vil/vbs10225.asp>
Note the warning on that page: ensure that scanning for .VBS files is on, unless you have it configured to scan for ALL files. The warning is very applicable to Norton AV as well: My Norton AV is up to date, and the default is NOT to scan for .VBS files (!) How could they miss that. I can't recall changing the scan settings from 'all' to 'some' files either. Looks like we have a real winning worm here that evades detection by lamely configured virus scanners - what the real default scan settings are is YTBD. Meanwhile, NETWORK.VBS is marching on. bye,Kai