Anyone that works with computers knows that asking questions
is just part of the process. Clients of Ask and Receive enjoy the benefit
of having a
Virus Information:

W32/Sober.d@MM is a Medium Risk mass-mailing worm posing as an official Microsoft patch for the Mydoom virus. Watch for telltale subject lines in English or German with the text "Microsoft Alarm: Please Read!" or "Microsoft Alarm: Bitte Lessen!" Note: Microsoft does not email patches. The worm arrives as an executable attachment or inside a Zip archive. When run, it displays fake Windows warnings and error alerts. Using its own SMTP engine, W32/Sober.d@MM also mails itself to email addresses found on the infected computer. Caution: An infected email can come from addresses you recognize.

A competition between computer-virus writers is responsible for more than a dozen recent variants of the Mydoom, Netsky and Bagle viruses in the past week. That includes the most recent, W32/Bagle.j@MM, another Medium Risk mass-mailing worm with characteristics similar to its predecessors—including a potentially dangerous backdoor component.

W32/Netsky.c@MM is a Medium Risk mass-mailing worm that also copies itself to folders named "share" or "sharing" on an infected system. It spreads by stealing email addresses and spoofing or forging the "From:" field. Like its earlier counterpart, the worm tries to deactivate the W32/Mydoom.a@MM and W32/Mydoom.b@MM viruses on the host computer.
Note: The attachment may be either a ZIP file (with the worm) or an executable, with a single (.doc, .htm, .rtm, .text) or double file extension (.com, .exe, .pif, .scr). Filenames that are carried within the worm include: 3D Studio Max 3dsmax.exe

Caution—An infected email can come from addresses you recognize and may contain the following information: Subject/Body: Varies. Examples include: Your provider will be disabled! 454543403

A variant of the original Mydoom virus, W32/Mydoom.f@MM is a Medium Risk mass-mailing worm that can open up hacker backdoors on infected systems and launch denial-of-service attacks that target the www.microsoft.com and www.riaa.com domains. Note: Unlike previous versions of Mydoom, Mydoom.f can also delete image, movie, Excel and Word files on an infected machine. Like other mass-mailing viruses, W32/Mydoom.f@MM steals email addresses from an infected machine, then mails itself to other computers, often spoofing the "From" field. The worm arrives with random subject lines, such as "Please read," "Something for you" or "Please reply". The body of the e-mail contains an executable file often disguised as a text file. Caution: An infected email can come from addresses you recognize.

Announcement Check the attached document.

W32/Mydoom@MM

Bagle A or "Beagle"

W32.Swen.A@mm virus

Special Thanks to Mike Camp for the following:

It spreads in several ways, including the traditional mass-mailing method of stealing addresses from address books on compromised machines, but also propagates over Internet Relay Chat (IRC) and peer-to-peer networks such as KaZaA. Successful infections attempt to steal account information, including usernames and passwords. The worm also exploits a two-year-old vulnerability in Windows -- for which a fix is available from Microsoft -- that allows it to auto-execute on unpatched PCs. In those situations, the receiving system is infected even if its user doesn't open the attached file.

"Swen preys upon the good nature of individuals who want to patch their computer in the wake of new vulnerability and virus announcements," said Ken Dunham, the malicious code intelligence manager at security firm iDefense.

Antivirus software suppliers have already posted updates to their products' definition files to detect Swen. Windows updates are available at http://windowsupdate.microsoft.com

McAfee has released a new tool for those who suspect they may be infected with one of the recent viruses.

McAfee AVERT Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Date: 28 Aug 2003

Recently, some of the e-mail users have gotten unusual messages. The suspect messages are actually not from the sources they appear to be from. These messages are generated by a computer infected by a virus (a Sobig worm variant). A direct quote from McAfee's
Website:

This worm uses a technique known as "spoofing." When it performs its email routine, it can use a randomly chosen address that it finds on an infected computer as the "From:" address. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.

For example, Linda Anderson is using a computer that is infected with W32/Sobig.f@MM. Linda is not using an anti-virus program or does not have current virus definitions. When Sobig performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold's email address into the "From:" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, McAfee Anti-Virus does not find anything--as would be expected--because his computer is not infected.

The subject line, message bodies, and attachment file names are random. The "From" address is randomly chosen from email addresses that the worm finds on the infected computer. The worm will search files on the infected computer for email addresses. This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment. The worm contains its own SMTP engine and attempts to guess at available SMTP servers. For example, if the worm encounters the address user@abc123.com it will attempt to send email via the server smtp.abc123.com.

As long as we use computers for communication, and as long as there are programmers who write malicious code, then there will be viruses. The best policy is to continue to practice safe computing, which involves:

1. Do not open an attachment from ANYONE (even someone you know) unless you are expecting it - or you have verified that it truly is from the indicated sender.
2. Any email you weren't expecting should be treated with suspicion, even if it comes from someone you know. It is worth calling whoever sent it to you to check that they intended to send you the email.
3. Do not run, download or forward any unsolicited executables, documents, spreadsheets, etc. Anything that runs on your PC should be virus checked and approved first.
4. Do not open any files with a double file extension (e.g. report.doc.vbs). Under normal circumstances you should never need to receive or use these.
5. Do not download executables (.exe) or documents from the internet. These are often used to spread computer viruses.
6. Although JPG, GIF and MP3 files cannot be infected with a virus, viruses can be disguised as these file types. Jokes, pictures, graphics, screensavers and movie files should be treated with the same amount of suspicion as other file types.
7. If you have to work at home, ensure that you follow the same procedures there as you do at work. Viruses can easily be brought into an organization along with work that has been done on a home PC.
8. If you use diskettes or "Zip disks" then scan them regularly for viruses.
9. Make copies of your important files. This will provide you with a backup in case a virus damages your computer.
10. If you think you have been infected with a virus, contact me immediately. If in doubt, always ask for advice; do not open the file or email.
11. Always use antivirus software such as Norton or McAfee and be sure to keep it updated.
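
The attachment warnings on this page (executable attachments, double extensions such as report.doc.vbs, and worms that arrive inside a Zip archive) can be checked mechanically before a message reaches a mailbox. The following Python is an added example, not part of the original page; the function names and the sample message it builds are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Executable extensions named on this page (.vbs comes from its report.doc.vbs example).
EXECUTABLE_EXTS = {".com", ".exe", ".pif", ".scr", ".vbs"}

def classify_name(name):
    """Return 'executable', 'double extension', or None for a harmless-looking name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    parts = [p.strip() for p in base.split(".")]  # strip() defeats "a.txt     .exe" padding
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return None
    return "double extension" if len(parts) > 2 else "executable"

def scan_message(raw_bytes):
    """Return (attachment, name_inside_zip_or_None, reason) for each suspicious file."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        names = [(fname, None)]
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            # Only the archive's file list is read; nothing is extracted or run.
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names += [(fname, inner) for inner in zf.namelist()]
        for outer, inner in names:
            reason = classify_name(inner or outer)
            if reason:
                findings.append((outer, inner, reason))
    return findings

def build_sample():
    """Constructed test mail: a zip holding an .exe, a disguised script, a plain note."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("patch.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "recipient@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="update.zip")
    msg.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename="report.doc.vbs")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(*scan_message(build_sample()), sep="\n")
```

Because the "From:" address on these worms is forged, the check deliberately ignores the sender and looks only at what is attached.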