Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 990

Network and Security Manager Administration Guide
VIRUS:POP3:MATRIX
VIRUS:POP3:MYPICS
VIRUS:POP3:MYROMEO-BLE-BLA
VIRUS:POP3:MYROMEO-EXE
VIRUS:POP3:MYROMEO-I-LOVE-YOU
940
This signature detects e-mails with the content 'Software
provided by Matrix' sent via POP3. This may indicate the
e-mail virus Matrix is attempting to enter the system. The
executed file first checks for antivirus software running on
the host and terminates if found. Otherwise, the virus copies
itself to the Windows directory as Ie_pack.exe, runs, and
renames to Win32.dll. Matrix also installs the downloader
program Mtx_.exe (which downloads plug-ins for the virus
upon reboot), and infects Win32 executables.
This signature detects e-mail attachments named
'pics4you.exe' sent via POP3. This may indicate the e-mail
virus MyPics is attempting to enter the system. The executed
file installs as Pics4You.exe and writes itself to the Windows
Startup directory, obtains e-mail addresses from the
Microsoft Outlook database, and sends infected e-mail
messages to 50 addresses at a time. MyPics was also
designed to corrupt CMOS data and reformat hard drives
on 1/1/2000.
This signature detects e-mails with the subject 'ble bla' with
the attachments myjuliet.chm and myromeo.exe sent via
POP3. This may indicate the e-mail virus Verona is
attempting to enter the system. Because CHM files are
compressed HTML files, myjuliet.chm is activated when
viewed in the Microsoft Outlook preview pane; once
triggered, the CHM file runs myromeo.exe in the background.
Myromeo.exe obtains e-mail addresses from the Microsoft
Outlook database, sends infected e-mail messages to all
addresses found, and edits the Window directory file hh.dat.
This signature detects e-mail attachments with the name
'myromeo.exe' accompanied by myjuliet.chm and sent via
POP3. This may indicate the e-mail virus Verona is
attempting to enter the system. Because CHM files are
compressed HTML files, myjuliet.chm is activated when
viewed in the Microsoft Outlook preview pane; once
triggered, the CHM file runs myromeo.exe in the background.
Myromeo.exe obtains e-mail addresses from the Microsoft
Outlook database, sends infected e-mail messages to all
addresses found, and edits the Window directory file hh.dat
This signature detects e-mails with the attachments
myjuliet.chm and myromeo.exe sent via POP3. This may
indicate the e-mail virus Verona is attempting to enter the
system. Because CHM files are compressed HTML files,
myjuliet.chm is activated when viewed in the Microsoft
Outlook preview pane; once triggered, the CHM file runs
myromeo.exe in the background. Myromeo.exe obtains
e-mail addresses from the Microsoft Outlook database,
sends infected e-mail messages to all addresses found, and
edits the Window directory file hh.dat.
critical sos5.1.0
high sos5.1.0
high sos5.1.0
high sos5.1.0
high sos5.1.0
Copyright © 2010, Juniper Networks, Inc.