[ADMIN] Confirmed Virus Warning... Mawanella

[Guest guest]

Hi Folks:

 

This came from the Symantec and the Trend Micro people as a moderate risk virus

warning today. Once again, the safest thing is not to open any unsolicited

attachments (this one is a .vbs file, or visual basic script). The next safest

thing is probably to ditch Microsoft ;-) This one sounds particularly

attractive

to people because it mentions a village in Sri Lanka, as opposed to the usual

drivel such as naked pictures or humor.

 

At any rate, here is the info, FYI:

****************************

From Trend Micro:

 

Virus Name: VBS_VBSWG.Z

Risk Type: Medium Risk Alert

Pattern File: #891

 

VBS_VBSWG.Z is a new Internet worm similar to the recent Homepage virus and

propagates via Microsoft Outlook only. The worm sends out email to all addresses

listed in the infected user's address book with itself as an attachment. A

sample

of this email is as follows:

 

Mawanella

Body text: Mawanella is one of the Sri Lanka's Muslim Village

Attached file: Mawanella.vbs

 

After the worm sends out email and if the infected system does not have

Microsoft

Outlook installed, the worm displays two message boxes.

 

For more information regarding VBS_VBSWG.Z please access the Trend Virus

Information Center at http://www.antivirus.com/vinfo

 

*********************************************

From Symantec (thanks, Michelle):

 

This is a warning regarding W32.VBS.VBSWG2.Z@mm (a.k.a Mawanella), a

mass-mailing

worm which is reportedly spreading quickly throughout North America and the

world. The worm utilizes a Visual Basic script to infect Windows machines and

spread via the Microsoft Outlook address book.

Symantec has released a virus definition file (dated 5/17/01) which will detect

W32.VBS.VBSWG2.Z (AT) mm (DOT) The current VirusScan definition file (v4139) will detect

the worm. There have been no reports of this virus on campus as of yet, but

please be aware of it.

 

Characteristics

---------------

The virus arrives in an email with the subject:

" Mawanella "

The body of the message includes the text:

" Mawanella is one of the Sri Lanka's Muslim Village "

 

The email also contains the attachment " Mawanella.vbs, " which is a Visual Basic

script file that the worm uses to execute its payload. When executed, the worm

will email itself to all addresses in the user's Microsoft Outlook address book.

No other damage is done to the machine, and no registry entries are created or

altered. The worm will only execute the mass-mailing once.

 

Finally, the worm displays a dialog box to the user. An image of this dialog

box

can be found at:

 

http://www.upenn.edu/computing/virus/desc/mawanella.jpg.

 

(In case you can't get the link, the dialog box mentioned has a burning ascii

house on it and the words: " Mawanella is one of the Sri Lanka's Muslim Village.

This brutal incident happened here 2 Muslim Mosques and 100 Shops are burnt. I

hat

this incident, What about you? I can destroy your computer I didn't do that

because I am a peace-loving citizen.)

 

Recovery

------------

Delete the above email message, and upgrade your virus definition file to the

latest version (dated 5/17/01). Run a full system scan on your machine, and

delete all files detected as being infected with VBS.VBSWG2.Z (AT) mm (DOT)

 

Outlook 98 and 2000 users should download and install the Outlook security patch

from:

 

http://officeupdate.microsoft.com/downloadDetails/Out98sec.htm

http://officeupdate.microsoft.com/2000/downloadDetails/Out2ksec.htm

 

Further information on the Mawanella worm (including screenshots) can be found

at:

 

http://www.symantec.com/avcenter/venc/data/vbs.vbswg2.z (AT) mm (DOT) html

http://vil.nai.com/vil/virusSummary.asp?virus_k=99090

http://www.sophos.com/virusinfo/analyses/vbswgz.html

http://www.europe.f-secure.com/v-descs/vbswg_z.shtml

 

 

--

Blessings and Be Careful Out There,

Caroline