-------- Original Message --------
Subject: new worm - new example of social engineering
Date: Tue, 20 Jun 2000 14:17:35 -0400
From: Gary Stoneburner <stoneburner@nist.gov>
re: http://www.nytimes.com/cnet/CNET_0_4_2108936_00.html
"The attachment shows up as LIFE_STAGES.TXT. "
Looks a lot like a text file, but notice the '.' at the end!
"The LIFE_STAGES.TXT attachment is a Shell Script object file,
according to a report on the virus posted at Network Associates' Web
site. Shell Script files carry the extension "SHS," but the extension is
not normally displayed, making it easy to disguise."
Also see:
http://www.symantec.com/avcenter/venc/data/vbs.stages.a.html
http://vil.mcafee.com/dispVirus.asp?virus_k=98668&;
http://vil.nai.com/villib/dispvirus.asp?virus_k=98668
"The attachment is 39,936 bytes and is a Shell Scrap Object file.
These files are the most unpredictable file type of all, since they can
be anything from an authentic file to a trojan application. In this
case, the file cannot be trusted.
An interesting feature of SHS files is that the extension remains
hidden, even though the operating system is set to show file extensions.
This helps to confuse the user into believing the file is really of .TXT
file type. Double-clicking on the file will install this Internet worm
in an interesting manner."
Cheers,
Gary
--
************************************************************
* Gary Stoneburner
* Computer Security Division, Systems and Network Security Group
* National Institute of Standards and Technology (NIST)
* 100 Bureau Dr, Stop 8930, Gaithersburg, MD 20899-8930
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
************************************************************
S/MIME Cryptographic Signature