December 6, 2001
Information-technology Promotion Agency
Security Center (IPA/ISEC)
Computer Virus Incident Reports [summary]
 
Many viruses now trying to exploit IE's vulnerability!!
IE users must apply security patches!!

This is a summary of Computer Virus Incident Reports for November 2001 compiled by IPA: Information-technology Promotion Agency (President: Shigeo Muraoka).

2766 reports were submitted to IPA in November. This is the largest number since August 2001, when 2809 reports were submitted. Since the appearance of W32/Nimda, many viruses have used the same method as W32/Nimda to propagate themselves.

The number of reports this month increased dramatically compared to last month (1241 reports). There were 1020 reports for W32/Aliz. This is the largest number of reports submitted for a new virus since July 2001, when 520 reports were submitted for W32/Sircam. (Details of W32/Aliz are described later.)

Many viruses now trying to exploit IE's vulnerability!!
IE users must apply security patches!!
Three new viruses that propagate themselves by exploiting security holes were reported (W32/Klez*, W32/Aliz*, W32/Badtrans (a variant)*). All of them exploit the same vulnerability in Internet Explorer components, so your machine is automatically infected when you merely open the mail with Outlook or preview the mail with Outlook Express. (For details, refer to the page marked with *.)

Viruses that exploit security holes to propagate themselves

| Virus | Number of reports | Date of first report | Description |
|---|---|---|---|
| W32/Aliz | 1020 | Nov 2001 | Sends itself (virus mails) |
| W32/Badtrans (variant) | 486 | Nov 2001 | Leaks personal information such as passwords. This is a variant of W32/Badtrans A with the added ability to infect when you view the body of the email |
| W32/Klez | 47 | Nov 2001 | Damages files on the PC |
| W32/Nimda | 763 | Sep 2001 | Infects when you view an infected Web page |
| VBS/Haptime | 200 | May 2001 | Damages data when the month and day numbers add up to 13 (e.g. January 12) |
| Wscript/Kakworm | 688 | Apr 2000 | Attaches itself to all outgoing messages as a signature file |
| W32/Badtrans (original) | 94 | May 2001 | Leaks personal information such as passwords |

The viruses above share one feature: once a machine is infected, they send themselves to the addresses registered in the address book. W32/Badtrans (original) has no function for attacking the security hole.
Description of W32/Aliz
W32/Aliz is executed automatically when you merely open or preview the mail, and it re-sends itself to the addresses registered in the "Address Book". You can disinfect this virus by just removing the mail. But if you have not applied the proper patches, your machine will be infected again the next time you receive a virus mail. We cannot rule out the possibility that other similar viruses will appear. IE users are therefore encouraged to apply the latest patches as soon as possible to protect against those viruses.
How to deal with the security holes:
1. Apply the security patch. Refer to the following site for specific guidance.
"Quick guidelines on security measures for home users from Microsoft"
http://www.microsoft.com/Japan/enable/products/security/verslist.asp?prod=032 (Japanese)

2. Install the latest Internet Explorer 6.0.
Note: Be sure to choose "Typical set of components", which includes Outlook Express.
By default, OE previews the mail body when a user selects a mail by clicking it (shown below). But if the mail was created by one of the viruses that exploit the vulnerability mentioned above, the attached virus file is executed automatically without notification, and your machine becomes infected with the virus. To avoid infection, users are required to apply the proper security patches to IE.
 
Reference: In an emergency, the following guidelines will help you remove the virus mail manually.
1. Disconnect from the Internet.
2. Click [View] - [Layout] on the Outlook Express toolbar, and uncheck "use preview pane" to disable the preview window.
3. Delete the infected email (without opening the attachment).


Figure: Preview of an email from W32/Aliz (Japanese environment)
 
If you have already applied the proper patches to IE, or you are using a mail client other than Outlook/Outlook Express, the virus file will not be executed automatically when you preview the infected mail. But if you double-click the attachment, the virus will be activated and infect the machine. Applying patches or using another mailer does not make your machine totally secure against those viruses. It only means that infection by previewing is avoided.
Those viruses only work in Win32 environments (Windows 95/98/ME/NT/2000/XP). Macintosh users are largely safe from those viruses. But forwarding a virus-infected mail might result in the infection of the recipient's Windows machine, so Macintosh users also need to be aware of the danger.

Overhaul your antivirus measures for the New Year!!!

===== Have a secure New Year with full preparation for viruses =====

 
People tend to send more emails at the end of the year. New viruses or hoax mails pretending to be Christmas cards or New Year cards may appear during the season, so you need to prepare for the potential threat of infection.
If you do receive an infected email, appropriate measures taken in advance will let you deal with it easily and without harm. Take the following 3 steps to prepare.
 
1. Install and use antivirus software. Do not forget to update the definition file.
  "Information on Anti-virus software"
  http://www.ipa.go.jp/security/antivirus/vacc-info.html (Japanese)
 
2. Set up the security options of the browser and mailer properly.
  "A screen for setting the security option of the major Anti-virus software"
  http://www.ipa.go.jp/security/virus/beginner/check/attach/set.html (Japanese)
 
3. Deal with the security holes.
  "Quick guidelines on security measures for home users from Microsoft"
  http://www.microsoft.com/japan/enable/products/security/default.asp (Japanese)
 
Every PC user needs to keep up antivirus measures day by day.
You need to update the definition file of your antivirus software at least once a week and also deal with security holes based on the latest information on the vendors' Web sites.
In this way, it is essential to be fully prepared and to keep up with the latest information, which is updated daily, so as to prevent damage caused by viruses before it occurs. It may seem like a pain in the neck, but it will be too late once you are actually infected.
 
General overview of Information Security Seminar
 
The Information Security Seminar, held as an event of the month dedicated to computerization, took place in 13 locations in Japan and has now concluded. Most venues had more applicants than capacity, which shows how high security awareness is these days. The attendance rate was good, and there were about 3800 participants in total, more than double last year's figure.
Refer to the separate page for a summary of the Q and A at each location.

Reference: http://www.ipa.go.jp/security/event/sec_sem00/jisshireport.html

 
Information: IPA Security Center (IPA/ISEC)
          (ISEC:Information technology SEcurity Center)
  Phone: 03-5978-7508 FAX:03-5978-7518  E-mail:isec-info@ipa.go.jp
  Emergency Call: 03-5978-7509 URL:http://www.ipa.go.jp/security/

Computer Virus Incident Reports for November 2001 (full report)