It was the Qaz.worm virus. We got hit a couple of weeks ago because the company brass likes to open every single email attachment they get.... I've been busy changing passwords all week. Here's what CERT said about it: QAZ Worm The QAZ Worm is a trojan that has been spreading on the Internet for several weeks. This worm exploits unprotected windows networking shares similar to the network.vbs worm as discussed in CERT Incident Note IN-2000-02 IN-2000-02, Exploitation of Unprotected Windows Networking Shares The QAZ worm searches for shared drives where \\Windows\Notepad.exe is available. Once the worm finds an unprotected share with notepad.exe available, it copies itself to the machine and modifies the registry to insure that it is run every time Windows is restarted. When the machine is rebooted the worm renames the original notepad.exe to note.com and copies itself in place as notepad.exe. Users are encouraged to follow the advice in IN-2000-02 for securing Windows networking shares. Additional information about these viruses and others can be found by visiting the sites listed on our Computer Virus Resources page. I found that it didn't necessarily need a windows share with notepad available. - Mike Johnson -----Original Message----- From: Eduardo Carriles [mailto:eduardo.carriles@teleline.es] Sent: Friday, October 27, 2000 2:50 PM To: SuSE Security Mail List Subject: Re: [suse-security] Microsoft Hacked!!!!! Hi Avi and friends all, No one knows how deep they got, and how much did they borrow from $MS. It has to be much, BBC reporting on Microsoft, sounds strange. Pity that we do not know for sure, bust just to be malicious, wont it be some $MS campaign or some thing baking or been prepared?? Sci-Fi. Who knows. But will have great consecuences, for sure. Stay tunned. Cheers!! =:`8) Avi Schwartz wrote:

There is nothing funny about it. As much as I dislike Microsoft, this is still a criminal act.

Avi

Matthew Johnson wrote:

...

http://news.bbc.co.uk/hi/english/business/newsid_993000/993933.stm

Thoughts? Opinions? Erm, jokes?

-- Avi Schwartz Get a Life avi@CFFtechnologies.com Get Linux

-- HTH Best regards, Eduardo Carriles [-- Better a smile than a flame --] (Long time SuSE-Linux [preferred distro] user). [-- Se me nota mucho? -- Notices me much?] [-- Have a lot of fun...] --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com