RE: VIRUS-ALERT (NAVIDAD.EXE)

From: Bernd D. Ratsch (bernd@texas.net)
Date: Thu Nov 16 2000 - 08:21:41 EST


I've already cleaned up one incident at work where the user was using Eudora v3.05. It's not Outlook specific in the sense of infection...it's user education: If you don't know what it is...don't open it.

McAfee already has the fix for it on their site since last Friday.

- Bernd

-----Original Message-----
From: owner-dakota-truck@buffnet.net
[mailto:owner-dakota-truck@buffnet.net]On Behalf Of SEMIHEMI01@aol.com
Sent: Thursday, November 16, 2000 5:58 AM
To: dakota-truck@buffnet.net
Subject: DML: VIRUS-ALERT (NAVIDAD.EXE)

SUNNYVALE, Calif. -- Anti-virus experts at McAfee have issued a
medium-on watch alert for the W32/Navidad@m Internet worm. They
say the “Navidad” worm uses Microsoft Outlook and Outlook
Express to propagate itself to other PCs. High levels of
infections have been reported in the United Kingdom, South America
and Latin America, although "Navidad" infections in the United
States have been minimal. The “Navidad” worm uses MAPI Outlook
to spread. It's received by e-mail as a response to a sent
e-mail message to an infected user, with the attachment
NAVIDAD.EXE. Once infected, a blue “eye” icon appears in the
lower right corner of one's PC screen. When the cursor is
placed over the icon, the text "Lo estamos mirando" (“We are
watching it”) is displayed. When the "eye" icon is clicked, a button
appears reading "Nunca presionar este boton" ("Never press this
button"). When the button is pressed, a message box is displayed,
titled "Feliz Navidad", which reads "Lamentablemente cayo en la
tentacion y perdio su computadora" ("Merry Christmas.
Unfortunately you've given in to temptation and lose your computer").
  

SEMIHEMI01 (Bill C.) 2001 QC, 4.7L, 5spd. 3.55 LSD, K-N + Cool-Air, SilBlades,
10w-30 MOBIL 1, 180 T'STAT, GIBSON 3" Single Side-Swept cat-back, G-TECH,
"THE DAK" (http://hometown.aol.com/semihemi01/)



This archive was generated by hypermail 2b29 : Fri Jun 20 2003 - 11:57:23 EDT