Virus and Worm ALERT Thread!!!

[Rbreb13]

If anybody hears of one or knows of a new one that has reared its ugly head.

Post it here. This way we can help all our members to remain Virus free.

Virus and worm writers have to be one of the lowest forms of life on the planet and we need to do all we can to see that there "work" is for naught.

Also heres a list of some anti-virus resources. If you think of some I missed PM me and I'll add them in.

Anti-Virus software and fixes:

Symantec Anti-virus Research Center

Symantec/Norton

McAfee

Panda

Online Virus scanners:

Housecall @Trend Micro Free

Symantec Free

McAfee Subsription Required

Panda Free

[Rbreb13]

New email worm detected

November 26 2002

Anti-virus software maker F-Secure has reported the presence of a new email worm called Winevar. 

The company has ranked it as a level 2 alert - a new worm causing large infections which might be local to a specific region. 

More Here

[Rbreb13]

While it's not widespread yet, a worm called WINEVAR.A is making the rounds and is likely to do a great deal of damage to unprotected Windows computers. According to this technical description, the worm changes the ownership information in the computer's registry, kills antivirus programs, and infects the victim machine with the Funlove virus. It also mails itself to the user's e-mail contacts. 

More Here

[Rbreb13]

January 3, 2003 

Yaha Worm Wreaks Confusion

By Dennis Fisher

A lack of consensus on the way that new viruses are named led to confusion among anti-virus companies this week and may have resulted in some users being unsure whether they were protected against the latest variant of the Yaha worm. 

Anti-virus vendors began seeing a new minor variant of the Yaha mass-mailing worm shortly before Christmas. The first copies seemed to be coming from Middle Eastern countries, including Kuwait. AV vendors were quick to recognize the worm's characteristics and identify it as a version of Yaha, a worm that had first appeared around Valentine's Day last year. But that's where the agreement ended and the confusion began. 

 

http://www.eweek.com/article2/0,3959,806617,00.asp

[jsgolfman]

Just what I need, something else to worry about.

[jsgolfman]

Antivirus experts are warning of a new virus, code-named W32/Sobig.A, which was discovered late last week and spread rapidly over the weekend. By Monday morning, Sobig was the second most prevalent virus on the Internet, according to e-mail security firm MessageLabs.

Stomp this

[Digital_Terror]

Another Buffer Overflow issue:

http://news.com.com/2100-1002_3-5074415.ht...html?tag=fd_top

DT

[Rbreb13]

A program that exploits a software vulnerability Microsoft recently described could spell trouble for companies that haven't quickly patched their system, security experts said this week.

Released on a security mailing list earlier this week, the program takes advantage of a flaw in Microsoft's Messenger Service to cause Windows-based computers to crash. The vulnerability affects almost every current Microsoft Windows system, leaving security experts concerned that independent hackers will quickly find a way to take control of a large number of computers by exploiting the flaw.

Read More

Lets get out there and check those systems guys/gals!!

[Rbreb13]

A new PayPal virus is going around. If you see an email from "PayPal" claiming it needs your account information, delete it immediately. If you open the email for some reason, don't click the link in it. Instead of launching a website, it launches an application that collects your personal information and sends the info back to the bad guys.

[Rbreb13]

A major new dial-up networking threat circulating through Europe and Australia is almost certain to hit the United States and Canada soon. This involves a malicious Web site and often a series of pop-up ads. When you click on one to close it, you're instantly disconnected from your dial-up connection, and your system immediately redials, but this time to an international number that may link you to a porno site or simply put you back on the Web. You're billed up to $160 per hour for the connection, and you'll probably not even know that anything has happened. There are reports of enormous telephone bills going to families in various parts of the world. This is such an easy and lucrative scheme that it’s likely to spread. Most corporate office users and others with broadband connections aren’t at risk, but mobile users are, as are any telecommuters who use dial-up. You may be able to have international access blocked from your dial-up line, which would be an excellent method for blocking this type of attack. Similarly, in Europe, the Zelig worm actually changes your default dial-up number to reroute your access to your regular ISP by way of Aruba. Microsoft is taking a long-overdue step in the cybersecurity wars by digging into its tightly clenched war chest of money and offering a $250,000 reward for information leading to the arrest of those responsible for the MSBlast worm, as well as a like reward for the creator of SoBig. This could have major implications in the war on malicious hackers, and it will probably earn Microsoft some goodwill from users and businesses.

[jsgolfman]

Thank god I am no longer on dialup.

[[COD]Big_Balls]

I think the people that are making the worms are the same people that make the anti virus for the worms.

[ballsdeep]

I agree. I think Norton needs to turn themselves in. They need to stop making viruses just so they can sell the little patch that they sit on after it does all the destruction. They dont care if you buy thier software, they just know you will be screwed without it! - this is not really what i believe but somehting i think about often

[Rbreb13]

New virus infects PCs, whacks SCO

update A mass-mailing virus quickly spread through the Internet on Monday, compromising computers so that they attack the SCO Group's Web server with a flood of data on Feb. 1, according to antivirus companies.

The virus--known as MyDoom, Novarg and as a variant of the Mimail virus by different antivirus companies--arrives in an in-box with one of several different random subject lines, such as "Mail Delivery System," "Test" or "Mail Transaction Failed." The body of the e-mail contains an executable file and a statement such as: "The message contains Unicode characters and has been sent as a binary attachment.

More Here

[Junior]

I agree. I think Norton needs to turn themselves in. They need to stop making viruses just so they can sell the little patch that they sit on after it does all the destruction. They dont care if you buy thier software, they just know you will be screwed without it! - this is not really what i believe but somehting i think about often

I guess it's a good thing I don't use norton.

Got another one just today. that makes three. now.

Todays was from [email protected] and [email protected] .

[Bruceleeon]

COD is getting hit with these... luckily the mailscanner i installed on the server has been catching them and removing the attatchments. I have had about 30 emails TODAY that the server rejected due to viruses... GO COD!!!

[Rbreb13]

Not really a virus or anything but definitely a security risk worth knowing about.

ZoneAlarm Bug Bares System To E-Mail Attack

Security vendor Zone Labs has disclosed that several versions of its personal-firewall products are vulnerable to a buffer-overflow attack that could compromise the system.

ZoneAlarm, ZoneAlarm Plus and ZoneAlarm Pro 4.0.0 versions; ZoneAlarm Pro 4.5.0; as well as Zone Labs Integrity Client 4.0.0 are vulnerable, the company said. Versions earlier than 4.0.0 are not. ZoneAlarm users are advised to upgrade to Version 4.5.538.001. (See the Zone Labs advisory for more details and how to obtain the upgrades.

http://www.eweek.com/article2/0,4149,15309...3119TX1K0000594

[jsgolfman]

That's the version I run. I have been getting a lot of notices at work from our IT group about updates and vulnerabilities.