RE: [Micronet] EIGHT941.D Word macro virus

From: Jason Jed (jason2@eecs.berkeley.edu)
Date: Wed May 31 2000 - 18:44:37 PDT

Next message: Aron Roberts: "[Micronet] SANS list of how to eliminate the top ten Internet security threats"

Previous message: Geoff: "[Micronet] security system auditing"
In reply to: Pat McPeak: "[Micronet] EIGHT941.D Word macro virus"
Next in thread: Greg Paschall: "RE: [Micronet] EIGHT941.D Word macro virus"
Reply: Greg Paschall: "RE: [Micronet] EIGHT941.D Word macro virus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The 4080 definitions made available on the NAI website today (5/31) and
through autoupdate will protect against the newest W97M/Eight variant. Note
that VirusScan must be running at least scan engine version 4.0.25 for these
definitions to be effective. You can update the scan engine by installing
the current SuperDat available from NAI (this will also update the virus
definitions to 4080)
http://www.nai.com/asp_set/download/dats/superdat.asp

Thanks to Pat McPeak and Karin Hansen for helping to resolve this issue!

- Jason

> -----Original Message-----
> From: owner-micronet-list@uclink4.berkeley.edu
> [mailto:owner-micronet-list@uclink4.berkeley.edu]On Behalf Of Pat McPeak
> Sent: Wednesday, May 31, 2000 8:56 AM
> To: micronet-list@uclink.berkeley.edu
> Subject: [Micronet] EIGHT941.D Word macro virus
>
>
> People here recently created a word document which was
> subsequently distributed to several other people, including
> a few at LBL. The viruswall at lbl.gov detected the
> W97M_EIGHT941.D macro virus in the document.
>
> We are running up-to-date VirusScan 4.5 (w/engine 4.0.70, virus
> definitions 4079) on our Windows machines and Virex 6.1
> (w/virus definitions dated June 1, 2000 (go figure)) on the
> Macs. Neither is detecting this virus, though the NAI website
> suggests the original version of the virus was first seen last
> October & that VirusScan w/4047 virus definitions and 4.0.25
> scan engine could detect it.
>
> In communication with the LBL folks, they indicated that this
> variant is fairly new, and they provided a URL for another site
> which describes the virus somewhat differently than the NAI site
> <http://www.antivirus.com/vinfo/virusencyclo/default5.aps5>,
> search on EIGHT941.
>
> Anyone able to provide enlightenment on this matter?
> And who is the campus liaison with NAI?
>
> -Pat
>
> Pat McPeak
> Computer Support pmcpeak@coe.berkeley.edu
> Dean's Office, College of Engineering 510-643-6966 (voice)
> University of California, Berkeley 510-642-9178 (fax)
>
> ------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> For information about Micronet, its meetings and events, and its
> mailing list, including information on subscribing and unsubscribing,
> see the Micronet Web site at <URL:http://wss-www.berkeley.edu/micronet/>.
>

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the Micronet Web site at <URL:http://wss-www.berkeley.edu/micronet/>.

Next message: Aron Roberts: "[Micronet] SANS list of how to eliminate the top ten Internet security threats"
Previous message: Geoff: "[Micronet] security system auditing"
In reply to: Pat McPeak: "[Micronet] EIGHT941.D Word macro virus"
Next in thread: Greg Paschall: "RE: [Micronet] EIGHT941.D Word macro virus"
Reply: Greg Paschall: "RE: [Micronet] EIGHT941.D Word macro virus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed May 31 2000 - 18:44:15 PDT