New virus spreading around!

Moparmike

Request Float: New virus spreading around!

Mods, could I get a float for a day or two? I have already received 3 copies of this in the last half-hour. Thanks.

Most of the Anti-Virus vendors are calling it
Bagle.B. This virus harvests email addresses from infected computers and
uses those addresses as the To: address while spoofing the From:
address. The primary characteristics of the emails it sends are as follows:

* Subject: ID <6 random characters>... thanks
* Body:
  Yours ID <9 random characters>
  - -
  Thank
* Attachment: <7 random characters>.exe

If the attachment is opened, it will create a backdoor on tcp port 8866 and
will search 4 websites for email addresses to announce the IP address of
the infected computer to would-be hackers. Afterwards the infected
computer will start mass-mailing the virus-laden emails to any email
addresses it finds on the infected computer.

For more technical details please check the following websites.
Symantec - http://www.sarc.com/avcenter/venc/data/[email protected]
McAfee - http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101030
Sophos - http://www.sophos.com/virusinfo/analyses/w32tanxa.html
Internet Storm Center - http://isc.sans.org/
(or your favorite Anti-Virus Vendor's website)
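
A mail-filter check for the message traits listed in the post above, as an added example that is not part of the original post or any vendor's signature. The function names, the sample message, and the choice to treat "random characters" as any non-space characters are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Patterns follow the post's description. Treating "random characters" as any
# non-space characters is an assumption; the post does not give the alphabet.
SUBJECT_RE = re.compile(r"^ID \S{6}\.\.\. thanks$")
BODY_RE = re.compile(r"Yours ID \S{9}")
ATTACH_RE = re.compile(r"^\S{7}\.exe$", re.IGNORECASE)


def bagle_b_indicators(raw_message):
    """Return which of the described traits (subject/body/attachment) match."""
    msg = message_from_string(raw_message)
    hits = []
    if SUBJECT_RE.match(msg.get("Subject", "").strip()):
        hits.append("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            if ATTACH_RE.match(name) and "attachment" not in hits:
                hits.append("attachment")
        elif part.get_content_type() == "text/plain":
            text = (part.get_payload(decode=True) or b"").decode("latin-1")
            if BODY_RE.search(text) and "body" not in hits:
                hits.append("body")
    return hits


def should_quarantine(raw_message):
    # The From: address is spoofed, so the sender is deliberately ignored.
    # Require the attachment trait plus one text trait to limit false hits.
    hits = bagle_b_indicators(raw_message)
    return "attachment" in hits and len(hits) >= 2


def build_sample(subject, body, filename):
    """Build a constructed test message; the attachment bytes are inert."""
    m = EmailMessage()
    m["From"], m["To"] = "known.sender@example.com", "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()
```

Because the check never looks at the From: header, a message that appears to come from a known contact is still flagged when the subject, body and attachment traits line up.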
 
Ok, I'll float it for 2 days. That should give a good percentage of our members a chance to see it. It is in fact, off topic, but I would put it in the looking-out-for-each-other category.

I have received around 15 virus infected emails in the past week or so. Thank you McAfee!
 
Thanks for the heads up, Mike. No hits here, but there are two people at my company that get EVERY virus EVERY time, regardless of the warnings. I think I will manually quarantine their computers for the next few days. ;)

-James
 
I've been getting hit for a few days. They got me with MyDoom last month. I must be on some kinda list. Now I don't open any attachments even if I know you.
 
Whilst Mal has been kind enough to let this thread sit a while ..... might as well add this one FYI ... received today ...... all worth noting ......

W32/Netsky.b@MM is a Medium Risk mass-mailing worm that
copies itself to folders named "share" or "sharing" on the
infected system. It spreads itself to addresses it steals,
spoofing or forging the "from: field" or using the address
[email protected]. The worm also tries to deactivate the
W32/Mydoom.a@MM and W32/Mydoom.b@MM viruses on the host
computer.

Caution: An infected email can come from addresses you
recognize.
------------------------------------------------------------
***What to look for***

Subject-Body: Varies. Examples include:

-I have your password!
-about me
-anything ok?
-do you?
-from the chatter

Attachment: Varies but may have a double-extension such as
.rtf.pif contained in a .ZIP file.

Aliases: Moodown.B, I-Worm.Moodown.b
------------------------------------------------------------

Up-to-date McAfee VirusScan users with DAT 4325 are
protected from this threat.

Learn More about W32/Netsky.b@MM
==> http://us.mcafee.com/root/campaign.asp?cid=9647

Scan for W32/Netsky.b@MM:
==> http://us.mcafee.com/root/campaign.asp?cid=9648
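
A check for the attachment trait in the advisory quoted above (a double-extension file such as .rtf.pif inside a .ZIP), as an added example that is not part of the original post or the McAfee text. The function names and the set of executable extensions beyond .pif are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Final extensions that Windows will execute. The advisory names only .pif;
# the rest of this set is an assumption added for the example.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat"}


def double_extension_members(zip_bytes):
    """Return member names such as 'doc.rtf.pif' (decoy + executable ext)."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return []  # not a ZIP archive; leave it to other checks
    flagged = []
    with archive:
        for name in archive.namelist():
            # Only the file name counts, not directory components.
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS:
                flagged.append(name)
    return flagged


def constructed_zip(names):
    """Build an in-memory ZIP with inert placeholder members for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"constructed placeholder, not malware")
    return buf.getvalue()
```

Member names are read from the archive directory only; nothing is extracted or executed.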
 
Just Cleaned This One Out

BackDoor-FK.svr (at least that is what it was detected as)

Delete Any Registry Key referencing "mstask32" ( hklm/software/microsoft/run/mstask32 )

run scanreg and when it asks if you want to back it up say yes

Restart

Find Mstask32 and delete (can't delete before because it is running)

clean recycling bin

restart

should work for win 98, 98se, Me

Some infected machines will have a false error window, "error 38427". There is no such error, and yes, I know I left out part of the instructions, but the important stuff is there, and if they have to ask, someone else should be doing it.

Good Luck
Guy L Johnson
There are a lot of variants and they propagate by executable attachment, as Moparmike noted, or it may be a different one. Mine was infected Feb 2nd, but the action of it sounds the same.
 
I have gotten DAILY auto-updates from Norton this week. Usually get the auto update on Thursdays, but.....sumpin....is up for them to be auto updating this often.

I think a "Hacker's Alley" would be a nice addition to a range.

Shoot the geeks.

:mad: :fire:
 
The wankers that write this stuff are not *hackers*.. a good hack wouldn't be found out until it was far too late...and it would attack Unix boxen as well.. but of course most *nix sysadmins aren't idiots..

Blame Bill G and his lust for power..
 
Does this one propagate through Outlook only, or does it hit other e-mail programs, like Yahoo?
.
I use Outlook, Yahoo, and MSN. All viruses seem to be coming in on Outlook
I have gotten DAILY auto-updates from Norton this week. Usually get the auto update on Thursdays, but.....sumpin....is up for them to be auto updating this often
I have Norton now also and have noticed the same thing
Anyway, if anyone needs cheap antivirus protection, Grisoft makes a free version of AVG Antivirus. Go to http://www.grisoft.com/.
That's who I had when I got the last virus. But I don't know if any of them could have stopped it.

Bottom line is NEVER open an attachment if you don't know who sent it and you don't know why they sent it and you didn't ask for them to send it.
I also upped the security on my e-mail. If you're not on the list you don't get in.
 
Jeez, wonder if we can add a Micro crap alley so you can shoot more holes in the Microsoft security. As many holes as there seem to be, what did they actually secure in the beginning?
 
Put the blame where it is; Microsoft.

STOP USING OUTLOOK. It's like people who keep complaining that they get AIDS from unclean whorehouses.. STOP GOING THERE.

And as for Norton.. or what I like to call "How to make your Intel P4 run like a 386".
It's a horrid anti-virus software almost akin to Microsoft. When I reinstalled another virus scanning software, it caught a HUGE amount of viruses Norton said didn't exist..

Use unix.. Life will be better..
 
I just installed and am trying out Outlook 2003. I've got Norton on it... NAV and IS... and I have the XP built in firewall up. I check for new virus definitions daily.

How is Outlook still going to be a problem for me? I've gone from Outlook XP to Mozilla, and now I'm trying out Outlook 2003... and so far, I am liking it a lot better than Zilla. The spam filtering is much better. In fact, I've had 100% accuracy in the filter so far. No good messages filtered out and no bad messages slipping in. Can't say that with Zilla... with Zilla I still get like 75 to 100 spams a day that sneak in. Its filtering is awful. Mozilla mail, other than the spam filtering, is very cool... but still a touch buggy.
I just wish Eudora was still supported.
Are there any other good email clients with the features like spam filtering and stability and security... and free?

And don't give me that MAC or *Nix crap... I like to be able to get new games once in awhile and have cool video cards that work when I plug them in.
 
Not free George ... but IIRC not too expensive either .. ''Forte Agent'' ..... I have used this for about 5 years or so ... not perfection but .. very good filtering options .. ASCII only ... and once you get your head around it . very versatile.
 
My "Day Job" is a Network Admin in a Windoze NT environment. So, my Anti-Virus is Computer Associates InoculateIT. My A/V "redistribution server" is set to check the CA site every hour for updates, each desktop PC updates once a day. CA also offers a free web-based AV scanner.

If you don't have any anti-virus stuff, here is a short blurb and a link to the free web-based scanner from Computer Associates.

eTrust AV Web Scanner
Computer Associates is proud to announce the availability of our free, web based antivirus scanner. The scanner can be used to scan for viruses using Internet Explorer on any Windows based platform. Please visit

ca.com/virusinfo/virusscan.aspx.

The scanner will initially update its signatures, if necessary, then present a tree of drives which can be selected for scanning. The tree can be expanded to allow for individual directories to be selected and scanned. If an infection or suspicious file is found, you can decide if you want to submit to CA for evaluation. The file will be sent and responses returned via email.


I have no monetary interest whatsoever in Computer Associates; just passing along info that may be useful to some.
 