Telecom and Logistics Associates 

TLAalert Security Service

Publication: Christian ALT


TLAnews: Security NEWs Service

19.6.2000 Security: Virus Alert from Trend Micro: High Risk Assessment on "Scrap File"
By late Friday afternoon, four incidents of the virus had been reported by major US corporations on both the east and west coasts. Over the weekend, additional customer sites in India, Australia and the United States reported infections.


English version
Another worm, commonly called "Stage", is turning through computer systems, but experts say it is not as dangerous as Melissa or as widespread as the "I Love You" virus.

"This is not at all as dangerous as Melissa," said Narinder Mangalam, director of security strategy at CA, Islandia, N.Y. "We just issue these routine warnings every time we come across a new worm. It's not spreading as much as the 'I Love You' virus. We've seen it in a couple different customer sites and just want to make sure people know it's out there."

 



Summary (translated from French)
A new worm called "Stage" is spreading. Its spread is not significant for the moment. Trend Micro has nevertheless seen fit to raise its alert rating from "medium" to "high".

It spreads by email and uses a "scrap file". If the attached file is opened, it deletes "REGEDIT.EXE". It spreads through Outlook and "chats". Some of the message subjects are: Funny, Fw:Funny, Life stages text, Funny text, or Fw:Funny text

The text may contain:

"The male and female stages of life"; or
"The male and female stages of life. Bye."


Some sites logged as many as 120,000 copies of "Stages," leading some companies to shut down their email systems.

Trend Micro Inc. announces the immediate availability of protection for the VBS_Stages.A (a.k.a. IRC_STAGES.A and SHS_STAGES.A) virus, a fast-spreading Trojan worm that affects Windows machines and may arrive via email with a scrap (Shell Scrap Object or SHS) file attachment named LIFE_STAGES.TXT.SHS.

According to Microsoft, a scrap is a file that is created when you drag part of a Word or Excel document to the desktop. In the case of VBS_Stages.A, this scrap file can easily fool the user into believing it is an innocent text file because the extension is not shown and the file assumes the icon of a text file. Once the attachment file is opened, the virus renames and deletes REGEDIT.EXE files and spreads by itself via Microsoft Outlook email, Pirch and mIRC (Internet relay chat programs), and available mapped drives. Because of its fast-spreading nature, VBS_Stages can quickly overload email servers.

The VBS_Stages.A worm can arrive with any of the following subject headings: Funny, Fw:Funny, Life stages text, Funny text, or Fw:Funny text. The message body can say either "The male and female stages of life"; or "The male and female stages of life. Bye."
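A mail-gateway style check built from the indicators in this alert, as an added example (not Trend Micro's or this site's code): it judges an attachment by its last extension, the one Windows hides for scrap files, and also matches the listed subjects and body text. The function names, the verdict labels and the extra `.shb` extension are assumptions; the sample messages are constructed.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Indicators quoted in the alert; subjects are lowercase with whitespace removed.
SUBJECTS = {"funny", "fw:funny", "lifestagestext", "funnytext", "fw:funnytext"}
BODY_MARKER = "the male and female stages of life"
# Shell scrap types whose extension Explorer hides. ".shb" is an assumption
# added here; the alert itself only names ".shs".
SCRAP_EXTS = {".shs", ".shb"}

def real_suffixes(filename):
    """Lower-cased extensions, after trimming trailing dots/spaces Windows ignores."""
    return [s.lower() for s in PurePosixPath(filename.rstrip(" .")).suffixes]

def assess(msg):
    """Return (verdict, reasons) for an EmailMessage."""
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        exts = real_suffixes(name)
        if exts and exts[-1] in SCRAP_EXTS:
            decoy = f" behind decoy '{exts[-2]}'" if len(exts) > 1 else ""
            reasons.append(f"scrap attachment {name!r}{decoy}")
    subject = "".join(str(msg["Subject"] or "").lower().split())
    if subject in SUBJECTS:
        reasons.append("subject matches alert")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_MARKER in body.get_content().lower():
        reasons.append("body matches alert")
    if any(r.startswith("scrap") for r in reasons):
        return "quarantine", reasons
    return ("review" if reasons else "pass"), reasons

def sample(subject, body, filename=None):
    """Build a constructed test message with placeholder attachment bytes."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if filename:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg

if __name__ == "__main__":
    for m in (sample("Fw: Funny", "The male and female stages of life. Bye.", "LIFE_STAGES.TXT.SHS"),
              sample("Funny text", "lunch?"),
              sample("Q2 report", "attached", "report.txt")):
        print(assess(m))
```

A subject or body match alone only yields "review", since those strings are common in ordinary mail; the hidden scrap extension is what triggers quarantine.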

When the attached scrap file (LIFE_STAGES.TXT.SHS) is executed, the virus invokes notepad to display a text file that takes a humorous look at the stages of life of both male and female. During this time, the virus installs itself in the system.

By late Friday afternoon, four incidents of the virus had been reported by major US corporations on both the east and west coasts. Over the weekend, additional customer sites in India, Australia and the United States reported infections. For this reason, the risk assessment was increased from medium to high on Sunday. The virus has the potential to spread very rapidly via Outlook email and overwhelm email servers.

Credit goes to "Zulu" for "Stage"

A virus masquerading as a joke about stages of life may be the work of a secretive software writer living in Argentina who has taken credit for key virus developments of recent years, computer experts said.

After several weeks, the once slow-growing virus dubbed "stages.worm" began spreading around the globe, infecting thousands of computers. Damage reports, however, were limited to temporary shutdowns of flooded computer networks.

"Stages" is an email-borne virus that targets users of Microsoft's Outlook Express and is transmitted in similar fashion to the "I Love You" bug and other recent viruses.

"Zulu," a veteran hacker believed to be living in Argentina, has claimed credit for writing the virus.

In late May, he posted the programming source code for "Stages" on a virus news Web site along with a commentary about the virus that took credit for the work, said Bruce Hughes, a manager at computer security firm ICSA.net. The virus took several weeks to spread over networks.

 

 

 
Copyright © [Telecom and Logistics Associates Sàrl]. All rights reserved.
Revised: June 26, 2000.

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.