News

Computer Associates Warns of New Virus

Computer Associates International Inc. (www.cai.com) has begun warning the IT community about "Plage2000," a new worm which could threaten e-mail systems as well as e-business infrastructures.

The worm arrives as a reply to an e-mail message previously sent by the user. The original e-mail will be quoted completely in the reply, and the worm-bearing e-mail contains the following text:

P2000 Mail auto-reply:

' I'll try to reply as soon as possible.

Take a look to the attachment and send me your opinion! '

> Get your FREE P2000 Mail now! <

The worm is attached to the message under one of several names, including pics.exe, images.exe, joke.exe, hamster.exe, tamagotxi.exe, searchURL.exe, SETUP.EXE, s3msong.exe, docs.exe, or humor.exe. On execution, the worm will present itself as a self-extracting WinZip file. The worm then copies itself to the Windows directory under the name INETD.EXE and adds itself to the registry "HKEY_CURRENT_USER\Software\Microsoft\Windows NT|CurrentVersion\Windows\run =\INETD.EXE".

The worm will attempt to establish a connection to a running Outlook or Exchange client every five minutes. When new e-mail messages are received it will reply to unread e-mails with a reply similar to the one described. Although the worm does not have a destructive payload, its propagation mechanism poses a threat to Exchange e-mail infrastructures since it can overload and crash the mail server. -- Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Office Mobile Apps To End as Microsoft Highlights New Office App

    Microsoft plans to end support for Windows 10 Mobile applications on Jan. 12, 2021, according to a Friday announcement.

  • Is Microsoft Finally Reinventing Office?

    Microsoft is testing out a new technology called "Fluid Framework." It could mean that Brien's dream of one Office app to rule them all might soon become reality.

  • Azure Active Directory Connect Preview Adds Support for Disconnected AD Forests

    Microsoft on Thursday announced a preview of a new "Cloud Provisioning" feature for the Azure Active Directory Connect service that promises to bring together scattered Active Directory "forests."

  • Microsoft Defender ATP Gets macOS Investigation Support

    The endpoint and detection response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.