CERTA-2000-ALE-004

Vulnerability from certfr_alerte - Published: - Updated:

None

Description

Cybernet-A est un virus macro situé dans un document Word ou Excel se trouvant en pièce jointe d'un mèl. Il se propage grâce au carnet d'adresse d'outlook.

Ce virus se déclenchera un 17 août ou un 25 décembre en tentant d'effacer les documents Word et Excel situés dans les répertoires de démarrage de ces logiciels.

Il modifie également les fichiers autoexec.bat et config.sys sous Windows 95 et 98 afin d'effectuer un formatage du disque dur lors du prochain redémarrage.

Message type de propagation du virus :

        Sujet :"You've GOT Mail !!!"
        Texte : "Please, saved the document after you read and don't show to
                 anyone else. The document is also VIRUS FREE...so DISREGARD the                           
                 Virus protection warning !!!" 
      Pi�ce jointe : Document Word ou excel

Solution

  • Mettre à jour votre anti-virus ;
  • Suivre les conseils de la note d'information CERTA-2000-INF-002 du 16 mai 2000 Chapitre 1-1 Généralités : « Méfiez-vous des choses bizarres ! ».

Virus macro (Word/Excel 97 et 2000)

Impacted products
Vendor Product Description
References
Sophos None vendor-advisory

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVirus macro (Word/Excel 97 et 2000)\u003c/P\u003e",
  "closed_at": "2000-05-26",
  "content": "## Description\n\nCybernet-A est un virus macro situ\u00e9 dans un document Word ou Excel se\ntrouvant en pi\u00e8ce jointe d\u0027un m\u00e8l. Il se propage gr\u00e2ce au carnet\nd\u0027adresse d\u0027outlook.\n\nCe virus se d\u00e9clenchera un 17 ao\u00fbt ou un 25 d\u00e9cembre en tentant\nd\u0027effacer les documents Word et Excel situ\u00e9s dans les r\u00e9pertoires de\nd\u00e9marrage de ces logiciels.\n\nIl modifie \u00e9galement les fichiers autoexec.bat et config.sys sous\nWindows 95 et 98 afin d\u0027effectuer un formatage du disque dur lors du\nprochain red\u00e9marrage.\n\nMessage type de propagation du virus :\n\n            Sujet :\"You\u0027ve GOT Mail !!!\"\n            Texte : \"Please, saved the document after you read and don\u0027t show to\n                     anyone else. The document is also VIRUS FREE...so DISREGARD the                           \n                     Virus protection warning !!!\" \n          Pi\ufffdce jointe : Document Word ou excel\n\n## Solution\n\n-   Mettre \u00e0 jour votre anti-virus ;\n-   Suivre les conseils de la note d\u0027information CERTA-2000-INF-002 du\n    16 mai 2000 Chapitre 1-1 G\u00e9n\u00e9ralit\u00e9s : \u00ab M\u00e9fiez-vous des choses\n    bizarres ! \u00bb.\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2000-ALE-004",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2000-05-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Destruction de donn\u00e9es"
    },
    {
      "description": "Propagation de virus"
    },
    {
      "description": "Formatage du disque dur"
    }
  ],
  "summary": null,
  "title": "Virus Macro OF97/Cybernet-A",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Sophos",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.