[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Virus Notification Warning (Wscript/Kak.Worm) -- DOE OutReachProgram --




*********************************************
	ASSIST AntiVirus OutReach Program

		Virus: Wscript/Kak.Worm
*********************************************

My name is Andrew Cooke, a member of the Department of Energy Headquarters
Automated Systems Security Incident Support Team (ASSIST) that oversees
virus protection at DOE Headquarters.  Part of our mission is to protect
DOE from incoming computer viruses, especially those that can cause damage,
data loss, or loss of service. The ASSIST AntiVirus OutReach Program is an
awareness program designed to follow up with and educate computer users
concerning computer viruses.

Our protections detected the Wscript/Kak.Worm virus sent by you. 
Because of the way this virus spreads, this transmission may have occurred
without your knowledge.
The Wscript/Kak.Worm virus is a direct action virus and one of the more
successful spreading viruses based on its capability to propagate without
the users knowledge or intervention. The Wscript/Kak.Worm spreads using
Microsoft Outlook Express, attaching itself to all outgoing messages via
the Signature feature of Outlook Express. The Signature features allows for
the viral information to be appended automatically to the end of all
outgoing messages. This virus utilizes a known Microsoft Outlook Express
security hole so that your system becomes infected without having to run
any attachment. Simply reading an infected email message will cause your
system to be infected with this Wscript/Kak.Worm virus. The
Wscript/Kak.Worm virus utilizes the same security hole as the BubbleBoy
virus. This security hole can be closed through the application of a
program modification (patch) available from MicroSoft.

If active scripting is disabled from Outlook Express, then the worm will
not work.

Removal Link:

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000020318071406 

Microsoft has more information on this problem available at:
<http://www.microsoft.com/Security/Bulletins/MS99-032faq.asp> 

Microsoft also a patch to fix this problem at:
<http://www.microsoft.com/security/Bulletins/ms99-032.asp>


Since it was detected that you transmitted an infected attachment, it is
likely that your system has been infected.  We recommend that you contact
your local computer support or security staff (or take whatever steps you
can) as soon as possible to identify, contain, and eradicate this virus.
If this is a home or laptop computer, we suggested that you purchase and
install an anti-virus package to protect your system and those with whom
you exchange files. If you already have anti-virus software, make sure that
you are using the latest virus signature file available from your vendor.

Thank you for your time and concern to halt the propagation of this and
other viruses.
For further information about the ASSIST, please visit our Web site at
www.microtech.doe.gov/assist.

Sincerely,
Andrew Cooke
DOE Headquarters ASSIST

(Automated Systems Security Incident Support Team)
Andrew.cooke@hq.doe.gov
301-903-0649