W32/APost@MM Virus

Information Note Number: IN01-002
3 September 2001

Purpose

Virus Aliases: I-Worm.Readme, W32.Urgent.Worm@mm, W32/Apost-A, W95/Urquest.24576, Win32/Yoview.A@mm

Virus Type: Virus E-mail worm

On September 03, 2001, a new e-mail worm virus called W32/APost@MM was discovered. This worm propagates via an email attachment and infects the local system when the attachment is executed. Once the attachment is executed the worm copies itself to the WINDOWS\SYSTEM folder and to the root directory of all drives. The worm then emails a copy of itself to all addresses found in the Microsoft Outlook Address Book.

Full details of the worm as well as removal instructions can be found at a number of sites including:

vil.mcafee.com
www.symantec.com/avcenter/

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca