
[cobalt-users] Virus found on list



Here's another one...
Found on two messages in the list

Wscript.Kakworm

The two message titles were:

"Sendmail quit working when I changed ISP"
and
"Newbie Sendmail error"

It was the same virus on each piece of mail.

The worm is as follows:

"This is an Internet worm which uses ActiveX and Windows Scripting Host to
propagate itself through email using MS Outlook. This worm consists of 3
components, an HTA file (HTML for Applications), a REG file (Registration
Entries Update) and a BAT file (MS-DOS Batch).

The method used to integrate these components is to have first composed an
email message in HTML which supports scripting. Using an ActiveX exploit
known as "Scriptlet TypeLib", the script writes an HTA file to the local
machine, typically in the startup folder. This will launch the code embedded
in the HTA file at the next Windows startup. Microsoft has published a
security update which addresses this ActiveX exploit and users are
encouraged to update their systems with this component. With this update
installed, users are questioned if they wish to run the ActiveX control
which is marked "safe for scripting"."

I switched to Linux to download the whole Cobalt list, but could not get
those things that were downloaded already. So, I only had the subjects of
the files available to post.

This should have popped up for a virus to anyone who is using Windows with
Outlook, OE, or Netscape. If it did not pop up with an alert on your
system... update your virus protection.

Now, I hope that stupid virus alert program doesn't kick in and bomb the
list again. (still groaning from the last time)

Jim Jeup
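
The quoted description above says the worm arrives as script inside an HTML mail body and uses the "Scriptlet TypeLib" control to drop an HTA file. The following is an added example, not part of the original post, of a mail-side check for those traits; the indicator set, function names and sample bodies are assumptions constructed for illustration, and the check decodes each HTML part first because the strings are not visible in the raw message when the part is base64-encoded.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators taken from the quoted description: script in an HTML body,
# the "Scriptlet TypeLib" ActiveX control, and a reference to an HTA file.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "scriptlet_typelib": re.compile(r"scriptlet\.typelib", re.I),
    "hta_reference": re.compile(r"\.hta\b", re.I),
}

def scan_message(raw: bytes) -> dict:
    """Count each indicator across every decoded text/html part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = {name: 0 for name in INDICATORS}
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        try:
            html = part.get_content()  # undoes base64 / quoted-printable
        except (LookupError, UnicodeError):
            html = part.get_payload(decode=True).decode("latin-1")
        for name, rx in INDICATORS.items():
            hits[name] += len(rx.findall(html))
    return hits

def is_suspicious(hits: dict) -> bool:
    # Script plus either the control name or an HTA reference.
    return hits["script_tag"] > 0 and (
        hits["scriptlet_typelib"] > 0 or hits["hta_reference"] > 0)

def build_sample(html: str) -> bytes:
    """Constructed test mail: plain part plus a base64-encoded HTML part."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain text part")
    msg.add_alternative(html, subtype="html", cte="base64")
    return msg.as_bytes()

# Constructed, inert bodies: the script element holds only a comment.
FLAGGED_HTML = ("<html><body><script>// placeholder naming "
                "Scriptlet.TypeLib and example.hta\n</script></body></html>")
CLEAN_HTML = "<html><body><p>Sendmail question</p></body></html>"

if __name__ == "__main__":
    for label, html in (("flagged", FLAGGED_HTML), ("clean", CLEAN_HTML)):
        hits = scan_message(build_sample(html))
        print(label, hits, is_suspicious(hits))
```
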