Next Previous Contents

18.2   General Virus Information

From SANS Security Digest Vol. 3 No. 2

We will only include items on viruses that have been widely discussed. This is not meant to be an all-inclusive update on recent virus problems and solutions.

Virus information is available from a variety of sites, including:

Good sources for virus myths and hoaxes are:

  1. www.kumite.com/myths
  2. ciac.llnl.gov/ciac/CIACHoaxes.html

IBM's antivirus magazine is readable at: www.av.ibm.com

Example of anti-virus corporate policy available at: www.av.ibm.com/InsideTheLab/Bookshelf/WhitePapers/ (Alan Fedeli's white papers)

02/03/1999 - A new Word 97 macro virus was detected at the Department of Energy. This virus overwrites the footers on all open documents as well as all macros in open documents. This virus affects Windows 95, Windows NT running Word 97 (version 8). For additional information see: www.ciac.org/ciac/bulletins/j-025.shtml

02/01/1999 - A new W97M/Ethan is a Word macro virus has been found. Ethan is a simple macro virus, consisting of a single macro less than 50 lines long. It infects Word's NORMAL.DOT template and documents by prepending it's code to a module in the document. Further information can be found at:

  1. www.DataFellows.com/v-descs/ethan.htm
  2. beta.nai.com/public/datafiles/valerts/vinfo/ethan.htm
  3. www.symantec.com/avcenter/venc/data/w97.ethan.a.html

02/01/1999 - The Happy99 worm has been detected at numerous sites. Happy99 is a Win32 based worm program that modifies e-mails and news postings. When this program is executed it will display some fireworks. In the background this program will create two files SKA.EXE and SKA.DLL. It will alter WSOCK32.DLL to put its code into that file and keep the original file as WSOCK32.SKA. More detailed information is available at:

  1. www.datafellows.com/news/pr/eng/19990129.htm
  2. www.datafellows.com/news/pr/eng/19990129.htm


Next Previous Contents