--->>> Shaka( Rudy) HelPC list owner shaka.rudy@xxxxxxxxx -----Message d'origine----- De : SARC-HTML-l [mailto:sarc@xxxxxxxxxxxx] Envoyé : lundi 22 avril 2002 5:58 À : SARC-HTML-L@xxxxxxxxxxxxxxxxxxxx Objet : Symantec Security Response - April 2002 Newsletter symantec <http://www.symantec.com/> TM symantec security response ISSN 1444-9994 April 2002 Newsletter These are the most common Viruses, Trojans and Worms reported to Symantec Security Response during the last month. _____ Country Spotlight United Kingdom <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html> JS.Exception.Exploit <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan .html> Backdoor.Trojan <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxx tml> W32.Klez.E@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@ mm.html> W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxx l> W32.Gibe@mm <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html> W95.Hybris.worm <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.399 21@xxxxxxx> W32.Magistr.39921@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm @mm.html> W32.Sircam.Worm@mm <http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.ht ml> Trojan Horse <http://securityresponse.symantec.com/avcenter/venc/data/js.seeker.html> JS.Seeker <http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.ht ml> <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan .html> _____ Top Global Threats <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html> JS.Exception.Exploit <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxx tml> W32.Klez.E@mm <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html> W95.Hybris.worm <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.399 21@xxxxxxx> W32.Magistr.39921@mm <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan .html> Backdoor.Trojan <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@ mm.html> W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.ht ml> Trojan Horse <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxx l> W32.Gibe@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm @mm.html> W32.Sircam.Worm@mm <http://securityresponse.symantec.com/avcenter/venc/data/vbs.haptime.a@m m.html> VBS.Haptime.A@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm. html> Asia Pacific <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html> JS.Exception.Exploit <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxx tml> W32.Klez.E@mm <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html> <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html> W95.Hybris.worm <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan .html> Backdoor.Trojan <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html> <http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm @mm.html> W32.Sircam.Worm@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@ mm.html> W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.399 21@xxxxxxx> W32.Magistr.39921@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxx l> W32.Gibe@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.399 21@xxxxxxx> <http://securityresponse.symantec.com/avcenter/venc/data/vbs.haptime.a@m m.html> VBS.Haptime.A@mm <http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.ht ml> Trojan Horse Europe, Middle East & Africa <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxx tml> W32.Klez.E@mm <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html> JS.Exception.Exploit <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@ mm.html> W32.Badtrans.B@mm <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html> W95.Hybris.worm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@ mm.html> <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.399 21@xxxxxxx> W32.Magistr.39921@mm <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan .html> Backdoor.Trojan <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.399 21@xxxxxxx> <http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.ht ml> Trojan Horse <http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm @mm.html> W32.Sircam.Worm@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxx l> W32.Gibe@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm @mm.html> <http://securityresponse.symantec.com/avcenter/venc/data/vbs.haptime.a@m m.html> VBS.Haptime.A@mm Japan <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxx tml> W32.Klez.E@mm <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html> JS.Exception.Exploit <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@ mm.html> W32.Badtrans.B@mm <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html> W95.Hybris.worm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@ mm.html> <http://securityresponse.symantec.com/avcenter/venc/data/w32.fbound.gen@ mm.html> W32.FBound.gen@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@ mm.html> W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxx l> W32.Gibe@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@ mm.html> <http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm. html> W32.Nimda.enc <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan .html> Backdoor.Trojan <http://securityresponse.symantec.com/avcenter/venc/data/w32.aliz.worm.h tml> W32.Aliz.Worm The Americas <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html> JS.Exception.Exploit <http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html> W95.Hybris.worm <http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@xxxx tml> W32.Klez.E@mm <http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html> <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.399 21@xxxxxxx> W32.Magistr.39921@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxx l> W32.Gibe@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.399 21@xxxxxxx> <http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan .html> Backdoor.Trojan <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.399 21@xxxxxxx> <http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.ht ml> Trojan Horse <http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.399 21@xxxxxxx> <http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@ mm.html> W32.Badtrans.B@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm @mm.html> W32.Sircam.Worm@mm <http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm. html> W32.Nimda.enc <http://www.symantec.com/avcenter/venc/data/w32.annoying.worm.html> _____ <http://securityresponse.symantec.com/avcenter/venc/data/wscript.kakworm .html> Removal Tools for malicious code are on our <http://securityresponse.symantec.com/avcenter/tools.list.html> web site <http://securityresponse.symantec.com/avcenter/hoax.html> A list of Virus Hoaxes <http://securityresponse.symantec.com/avcenter/hoax.html> reported to Symantec A list of Joke <http://securityresponse.symantec.com/avcenter/jokes.html> Programs reported to Symantec. Glossary <http://securityresponse.symantec.com/avcenter/refa.html> for definitions of viruses, Trojans and worms and more. _____ This month we had W32.MyLife and W32.Gibe peaking at around the same time in the second week of March. This was an unwelcome coincidence and whilst it rapidly increased the number of customer sample submissions we received the Digital Immune System coped very well. We had a mix up with the naming of W32.FBound.gen@mm, in the process of getting detection out as soon as possible. We all focussed on the analysis and not the name, which caused some debate in some of the public anti-virus online forums about the naming standards in use. I must say that whilst I agree it's important to get names correct it humours me to see us spending more time discussing the names of threats than it takes to do the detection and roll out the update. :) This month has seen the faltering of a keystone of the product testing framework of the anti-virus industry with the announcement that The Wildlist (http://www.wildlist.org) may have to cease operation due to lack of funds. The Wildlist has been used as the benchmark to test anti-virus software against for many years and has contributors from many prominent individuals and organisations. Each of these contributors reports the names of viruses reported to them to The Wildlist who then collates this information to produce monthly-consolidated virus prevelance reports. The is good news though, apparently there is a certain amount of industry support and the April Wildlist will be published. David Banes. Editor, securitynews@xxxxxxxxxxxx Viruses, Worms & Trojans W32.MyLife Moderate [3] Threat Win32 Global Infection breakdown by geographic region % of Total America (North & South) 70.2% EMEA (Europe, Middle East, Africa) 22.7% Japan 0.7% Asia Pacific 6.4% Date % Reports 8 Mar 9 Mar 10 Mar 11 Mar 12 Mar 13 Mar 14 Mar 15 Mar 16 Mar 17 Mar 12.0% 1.9% 4.7% 25.2% 19.6% 14.0% 7.5% 7.0 0.5% 1.4% W32.MyLife@mm is a simple mass-mailer that sends itself to all contacts in the Microsoft Outlook address book. The worm is a compiled Visual Basic executable that has been compressed. It attempts to delete files that have the extensions .com, .sys, .ini, .exe, .sys, .vxd, .exe, or .dll. (This could not be reproduced in a controlled test environment.). There are several variants of this worm, W32.MyLife.B@mm, W32.MyLife.C@mm, D, E and F, G, H and J. http://securityresponse.symantec.com/avcenter/venc/data/w32.mylife@xxxxx ml Douglas Knowles Symantec Security Response, USA W32.Gibe@mm Moderate [3] Threat Win32 Global Infection breakdown by geographic region % of Total America (North & South) 67.4% EMEA (Europe, Middle East, Africa) 24.6% Japan 3.4% Asia Pacific 4.6% Date % Reports 5 Mar 8 Mar 10 Mar 11 Mar 12 Mar 13 Mar 14 Mar 15 Mar 18 Mar 24 Mar 0.3% 5.9% 10.4% 14.7% 16.4% 12.7% 4.6% 3.1% 2.2% 0.4% W32.Gibe@mm is a worm that uses Microsoft Outlook and its own SMTP engine to spread. This worm arrives in an email message--which is disguised as a Microsoft Internet Security Update--as the attachment Q216309.exe. The worm also attempts to copy itself to all locally mapped remote drives. The fake message, which is not from Microsoft, has the following characteristics: From: Microsoft Corporation Security Center Subject: Internet Security Update Message: Microsoft Customer, this is the latest version of security update, the update which eliminates all known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities . . How to install Run attached file q216309.exe How to use You don't need to do anything after installing this item. . . Attachment: Q216309.exe The attached file, Q216309.exe, is written in Visual Basic; it contains other worm components inside itself. http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxxx Gor Nazaryan Symantec Security Response, USA. W32.FBound.gen@mm Moderate [3] Threat Win32 Global Infection breakdown by geographic region % of Total America (North & South) 18.7% EMEA (Europe, Middle East, Africa) 40.6% Japan 19.4% Asia Pacific 21.2% Date % Reports 17 Mar 18 Mar 19 Mar 20 Mar 21 Mar 22 Mar 23 Mar 26 Mar 30 Mar 4 Apr 1.9% 16.8% 17.1% 11.8% 7.1% 8.1% 5.0% 4.0% 2.2% 1.6% This is a mass-mailing worm that uses the infected computer's SMTP server to send itself to all addresses in the Windows address book. It contains no payload. The email arrives with an attachment named Patch.exe. For addresses ending in .jp (Japan), there are 17 Japanese language subjects, one of which is randomly chosen each time <http://securityresponse.symantec.com/avcenter/venc/data/w32.fbound.gen@ mm.html> http://securityresponse.symantec.com/avcenter/venc/data/w32.fbound.gen@m m.html Peter Ferrie Symantec Security Response, APAC Linux.Jac.8759 Very Low [1] Threat Linux Linux.Jac.8759 is a virus that infects files under Linux. The virus infects ELF executables that exist in the same directory as the virus. When Linux.Jac.8759 is executed, it starts by checking all files that are in the same directory as the one from which the virus was executed. If it finds executable files that have write permission, it attempts to infect them. The virus will not infect files that end with the letters ps, nor will it infect files that were not created for the x86 (Intel) platform. The virus modifies several fields in the header of the file. One of the modifications is used as an infection marker. This check prevents the virus from infecting a file multiple times. <http://securityresponse.symantec.com/avcenter/venc/data/linux.jac.8759. html> http://securityresponse.symantec.com/avcenter/venc/data/linux.jac.8759.h tml Neal Hindocha Symantec Security Response, EMEA. Security Advisories Zlib compression library double free bug could allow arbitrary code High [4] Risk Various There is a programming error in the zlib compression library used by many versions of software. Under the proper circumstances an attacker may be able to manipulate a system call in such a manner as to create a denial of service condition or potentially allow arbitrary code to be run on the targeted system. Such code would run with the permissions of the affected program to include root. The zlib compression library is an open-source loss less data-compression library that can be used on virtually any computer hardware and operating system to provide in-memory compression and decompression functions. Zlib has been ported and modified to work on a wide variety of operating systems and applications. A bug in the zlib compression library has been posted and widely discussed that can cause programs linked to zlib to be vulnerable. Under certain circumstances segments of dynamically allocated memory may be attempted to be de-allocated (freed up) twice, i.e., a specially crafted segment of compressed data can cause an allocated chunk of memory that is freed or de-allocated by a system call to return an unexpected memory error. A subsequent system call then attempts to free the same chunk of memory a second time. In most instances, this will result in a denial of service when the application crashes. However, there is a potential that this vulnerability could be manipulated by an attacker to run arbitrary code with the permission of the affected application. If the application runs with privileged access this could result in a critical compromise of the targeted system. This vulnerability potentially affects a multitude of operating systems and applications that either contain the zlib application or dynamically link to the zlib application. Not all affected applications have been found and patched yet. There is a partial list of over 500 know zlib applications located at http://www.gzip.org/zlib/apps.html. If you do not know or if you suspect you may be using a vulnerable version of zlib, Symantec recommends contacting your vendor for update information. More informnation and recommendations are available here; <http://securityresponse.symantec.com/avcenter/venc/data/linux.jac.8759. html> http://securityresponse.symantec.com/avcenter/security/Content/1720index .html <http://securityresponse.symantec.com/avcenter/security/Content/1720inde x.html> Microsoft Virtual Machine multiple flaws allow malicious control High [4] Risk Win32 Two vulnerabilities exist in the Microsoft Virtual Machine (VM) implementation. The first, which affects users who access the Internet through a proxy server, may permit a malicious applet to redirect Web traffic to another destination or record unencrypted confidential information that is sent during the Internet session. The second affects Java applets and may permit an attacker to gain control of a user's computer. The Microsoft VM runs Java code in an operating environment that, for security, is isolated from the computer on which it is run. Microsoft Virtual Machine is supplied for Windows 95, 98, ME, NT 4.0, 2000, and XP. It is also available as part of Internet Explorer 6 and earlier. The first vulnerability was reported on March 4, 2002. Because both concern the Microsoft VM, Microsoft modified the vulnerability on March 18, 2002 after discovering the second critical flaw. The flaws affect Microsoft VM Build 3802 and earlier. The first vulnerability, which only affects computers that utilize a proxy server, lies in how Java requests for proxy resources are handled. This flaw affects not only Microsoft VM, but others as well. (See the References for details.) When exploited, a malicious applet could redirect Web traffic to a destination of the attacker's choice. The attacker could then take control and discard the user's session to simulate a denial of service (DoS) or search for the user's session for unencrypted confidential data. Microsoft's best practices strongly recommend using SSL to encrypt sensitive information such as user names, passwords, and credit card numbers. If done, sensitive information is protected from examination and disclosure by an attacker exploiting this vulnerability. The second vulnerability lies in the Microsoft VM verifier and may enable an attacker to execute code in the context of the user outside of the security of the Virtual Machine. This flaw only affects Java applets, not Java applications. To exploit the vulnerability, the attacker lures the victim to a site where the malicious applet resides. Once the victim is compromised, the attacker can execute any action on the victim's computer that the victim could. These actions include creating, deleting, or modifying files, sending and receiving data to or from a Web site, or even reformatting the victim's hard drive. More informnation and recommendations are available here; <http://securityresponse.symantec.com/avcenter/venc/data/linux.jac.8759. html> http://securityresponse.symantec.com/avcenter/security/Content/1685index .html <http://securityresponse.symantec.com/avcenter/security/Content/1685inde x.html> Various Buffer Overflows and vulnerabilities. Various Various CDE dtspcd Buffer Overflow Exploit to a buffer overflow vulnerability in most versions of the CDE's Subprocess Control Service dtspcd daemon. Successful exploitation of this vulnerability could provide root access to the malicious user. http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0803 HTTP IIS ISAPI Extension This exploit attempts to overflow the buffer in the ISAPI extensions of the IIS server. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida. http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0500 MSIE Pop Up Object Tag Bug Vulnerabilities exist in Internet Explorer 5.5 and 6.0 wherein the Javascript object handler allows remote access to locally stored objects. By referencing a known registry key, or identifying executable code on the local hard drive, the remote attacker can execute code on the browsing computer. SNMP Community BO Vulnerabilities exist in multiple vendors' implementations of simple network management protocol version 1 (SNMPv1) wherein the SNMP community name buffer may be overrun. This vulnerability may cause routers, switches, and managed hubs to perform erratically, or to stop processing altogether. Carefully crafted exploits may give administrator-level control of a router or computer to the attacker. This alert may also indicate a pre-strike probe using the Uolu University SNMPv1 vulnerability assessment tool, Protos. http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013 Wuftpd Site Exec Overflow Washington University's FTP server versions 2.6.0 and 2.6.1 have a file globbing heap address error in the server that potentially may allow an attacker to execute a buffer overflow in the Site Exec command and gain root level access to the server. http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0550 Enterprise Security News Clips Visit the Symantec Enterprise Security Web Site - http://enterprisesecurity.symantec.com/ Recent Enterprise Security News headlines include: Workers Are No. 1 Threat to Russia's IT; The Moscow Times http://enterprisesecurity.symantec.com/content.cfm?articleid=1264 Security Researcher Uncovers Two Office XP Flaws; InfoWorld Daily News http://enterprisesecurity.symantec.com/content.cfm?articleid=1263 Filtering Porn; Librarians in Court Over Internet Law; Newsday (New York, NY) http://enterprisesecurity.symantec.com/content.cfm?articleid=1255 Get the latest Enterprise Security News delivered straight to your inbox.Register for Symantec's free Enterprise Security newsletters. https://enterprisesecurity.symantec.com/Content/Subscribe.cfm Security News Symantec Contribution to Microsoft Security Operations Guide Symantec is pleased to collaborate with Microsoft on their Security Operations Guide. The Security Operations Guide is an excellent set of specific configuration recommendations that if followed will result in formidable security for Windows server platforms. Below is a set of information security articles written by Symantec security experts that expand on key points within the Security Operations Guide. Symantec products play a key role in building a defense-in-depth security posture. The security principles and recommendations outlined in the Security Operations Guide and the following articles are best managed by Symantec product solutions. As part of our commitment to the Windows platform, Symantec Security Response has created seven new Enterprise Security Manager? policies to cover many of the recommendations covered in the Security Operations Guide for Windows 2000 Servers, Windows 2000 ADS, Windows 2000 Professional, Windows NT 4 PDC, Windows NT 4 Server, and Windows NT 4 Workstations. These policies were developed from industry recognized best practices and from guidelines in the Security Operations Guide. These Symantec Enterprise Security Manager? policies are free to Enterprise Security Manager? maintenance paying customers. Enterprise Security Manager? Windows Policies <http://securityresponse.symantec.com/avcenter/security/Content/windows. os.hardening.policies.html> http://securityresponse.symantec.com/avcenter/security/Content/windows.o s.hardening.policies.html Symantec Security Articles General information security articles that elaborate on Security Operations Guide recommendations: Fundamentals of Information Security (80-20 Rule) <http://securityresponse.symantec.com/avcenter/security/Content/security .articles/fundamentals.of.info.security.html> http://securityresponse.symantec.com/avcenter/security/Content/security. articles/fundamentals.of.info.security.html Defense in Depth Benefits <http://securityresponse.symantec.com/avcenter/security/Content/security .articles/defense.in.depth.html> http://securityresponse.symantec.com/avcenter/security/Content/security. articles/defense.in.depth.html Corporate Security Policy <http://securityresponse.symantec.com/avcenter/security/Content/security .articles/corp.security.policy.html> http://securityresponse.symantec.com/avcenter/security/Content/security. articles/corp.security.policy.html Microsoft Security Operations Guide Review Microsoft's Security Operations Guide. <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu rity/prodtech/windows2000serv/staysecure/default.asp> http://www.microsoft.com/technet/treeview/default.asp?url= /technet/security/prodtech/windows2000serv/staysecure/default.asp Contacts and Subscriptions: Correspondence by email to: <mailto:securitynews@xxxxxxxxxxxx> securitynews@xxxxxxxxxxxx, no unsubscribe or support emails please. Follow <http://securityresponse.symantec.com/avcenter/newsletter.html> this link to subscribe or unsubscribe <http://securityresponse.symantec.com/avcenter/newsletter.html> http://securityresponse.symantec.com/avcenter/newsletter.html Send virus samples to: <mailto:avsubmit@xxxxxxxxxxxx> avsubmit@xxxxxxxxxxxx Disclaimer- THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. This message contains Symantec Corporation's current view of the topics discussed as of the date of this document. The information contained in this message is provided "as is" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and freedom from infringement. The user assumes the entire risk as to the accuracy and the use of this document. This document may not be distributed for profit. Symantec and the Symantec logo are U.S. registered trademarks of Symantec Corporation. Other brands and products are trademarks of their respective holder(s). (c) Copyright 2002 Symantec Corporation. All rights reserved. Materials may not be published in other documents without the express, written permission of Symantec Corporation.