MajorGeeks Support Forums

  #1  
Old 12-22-03, 08:41
NICK ADSL UK's Avatar
NICK ADSL UK NICK ADSL UK is offline
MajorGeeks Forum Administrator
 
Join Date: Mar 2003
Location: UK
Posts: 21,223
Thanks: 101
Thanked 172 Times in 151 Posts
Default Major Security / Virus Warnings

MAJOR SECURITY VIRUS WARNINGS will be posted here as and when I receive them. It is very important to follow the recommendations from the authors of the relevant software involved.

Regards
__________________
Majorgeeks on Facebook:

Majorgeeks Newsletter


Wilders Security Forum Admin
Microsoft MVP - Consumer Security


Last edited by NICK ADSL UK; 11-04-06 at 18:36..

#2
Old 12-22-03, 08:43
NICK ADSL UK

This is a virus alert for W32/Sober.C, a new Sober variant
first detected on 20 December 2003. This worm has gained
considerable momentum in recent days, particularly in German
speaking areas.

Risk:
Due to its distribution W32/Sober.C@mm is estimated to be
medium risk.

Recommended Reactions:
Users of F-Prot Antivirus should update their virus signature
files immediately. W32/Sober.C is detected by F-Prot
Antivirus using virus signature files dated 20 December 2003
and later.

--
F-Prot Antivirus Alert Service
http://www.f-prot.com

#3
Old 01-01-04, 11:35
NICK ADSL UK

Common name: Jitux.A

Technical name: W32/Jitux.A.worm

Threat level: High

Type: Worm

Subtype: Trojan

Effects:
It spreads via MSN Messenger. It goes memory resident and sends messages every five minutes.



Affected platforms: Windows 2003/XP/2000/NT/ME/98/95


First appeared on: Dec. 30, 2003

In circulation? Yes


Brief Description




Jitux.A is a worm that spreads via the instant messaging program MSN Messenger in a message that only contains a link to the web page . When the user visits this web page, a file called JITUXRAMON.EXE is downloaded.

Once the file JITUXRAMON.EXE is run, the computer is affected. Jitux.A goes memory resident and sends the message specified above to all the active contacts in Messenger's Contact list every five minutes.


Visible Symptoms

Jitux.A is easy to recognize, as it reaches the computer when the user visits a link contained in a message received via MSN Messenger:







Last updated: Dec. 30, 2003

Source courtesy of Panda Software

#4
Old 01-01-04, 13:54
NICK ADSL UK

Current Virus Warnings
Win32.HLLM.Foo.25632
(W32.Paylap@mm, Win32/Mimail.Variant.Worm, JS.Mimail.I)

The worm spreads as an attachment to a mail message.
The worm is using its own SMTP server.
To secure the launch of the attachment containing the worm's body named PATPAL.ASP.SCR the aggressor employs the so-called social-engineering technique. The subject YOUR PAYPAL.COM ACCOUNT EXPIRES and the message body, sent as if by the administrator of the on-line payment company PayPal, serve to persuade the user to open the infected file.

Mail format:

From:PayPal.com
To:donotreply@paypal.com
Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
Mail text:
Dear PayPal member,

PayPal would like to inform you about some important information regarding your PayPal account. This account, which is associated with the email address

<your@EMail.Address.is.here>

will be expiring within five business days....

Attached file: www.paypal.com.scr


The worm will be activated only if the user opens the false form!



Win32.HLLM.Foo.25632 is detected and disinfected by Dr.Web since November 14, 2003.
If the SpIDer Mail module is active, it protects against all messages infected by this worm.
INFORMATION COURTESY OF DR WEB SOFTWARE

#5
Old 01-11-04, 07:34
NICK ADSL UK

Trojan.Xombe is a Trojan horse that has at least two components: a 4,096 byte downloader and a 27,136 byte Trojan. The downloader component will retrieve the Trojan file from a predetermined Web site.

The download component has been distributed in an unsolicited email, purporting to be a security update for Windows XP, sent by Microsoft.

The email has the following characteristics:

From: windowsupdate@microsoft.com
Subject: Windows XP Service Pack 1 (Express) - Critical Update.
Attachment: winxp_sp1.exe(4,096 KB)

The Trojan is packed with UPX.


Also Known As: Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 3.x

INFORMATION COURTESY OF NORTON
Please note
Microsoft never sends patches or updates via email. So users should become aware that any such message and related file attachment is probably an attempt to compromise the security of their systems.

#6
Old 01-19-04, 06:55
NICK ADSL UK

ATTENTION TO EVERYONE

This is a virus alert for W32/Bagle.A@mm a new mass-mailing
worm first detected on 18 January 2004. This worm has rapidly
gained momentum over the past 24 hours and has spread
considerably.

Risk:
Due to its distribution W32/Bagle.A@mm is estimated to be
medium risk.

Recommended Reactions:
Users of ALL Antivirus should update their virus signature
files immediately. W32/Bagle.A is detected by
Antivirus using virus signature files dated 19 January 2004
and later.

Last edited by NICK ADSL UK; 01-19-04 at 13:11.

#7
Old 01-26-04, 18:38
NICK ADSL UK

ATTENTION TO EVERYONE WILL YOU PLEASE MAKE SURE YOUR ANTI VIRUS IS UP TO DATE WITH THE LATEST SIGNATURE FILES
This is a virus alert for W32/Mydoom.A@mm, a new mass-mailing
worm first detected on 26 January 2004. This worm has rapidly
gained momentum in the last few hours and has spread
considerably.

Risk:
Due to its distribution W32/Mydoom.A@mm is estimated to be
medium risk.

#8
Old 01-27-04, 02:49
NICK ADSL UK

Dear nick,
HI EVERYONE PLEASE NOTE THAT THIS WORM IS NOW HIGH RISK
W32/Mydoom@MM is a HIGH-OUTBREAK mass-mailing worm flooding email servers worldwide. When run, the worm steals email addresses from the infected machine and also automatically generates random email addresses for propagation. This email generation engine is similar to technologies spammers use to generate addresses for spam email campaigns.

W32/Mydoom@MM generates emails with a spoofed "From:" field, so incoming messages may appear to be from people you know. Furthermore, the subject line and message body are both randomly generated by the worm.


Caution—An infected email can come from addresses you recognize and may contain the following information:

From: randomly generated (spoofed)
Subject: randomly generated
Body: randomly generated—examples:

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The message contains Unicode characters and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.

Attachment: randomly generated
The icon used by the file tries to make it appear as if the attachment is a text file. The attachment type varies [.exe, .pif, .cmd, .scr]—often arrives in a ZIP archive. (filesize = 22,528 bytes)

Aliases: Novarg, W32.Novarg.A@mm, Win32/Shimg, WORM_MIMAIL.R

INFORMATION KINDLY SENT TO ME FROM McAfee

Last edited by NICK ADSL UK; 01-27-04 at 02:53.

#9
Old 01-28-04, 17:54
NICK ADSL UK

HI EVERYONE PLEASE NOTE THAT THIS WORM W32/Mydoom@MM is still high risk

#10
Old 01-30-04, 03:22
NICK ADSL UK

NEW RISK FOR THE 30-1-04
Dear nick,

W32/Mimail.s@MM is a Medium Risk mass-mailing worm that tries to steal credit card information by displaying a fake Microsoft Windows license expiration message. Stolen credit numbers are sent to addresses within the domains @mail15.com and @ziplip.com.

W32/Mimail.s@MM also forwards itself to contacts it steals from the infected machine.

Caution: Watch out for emails with "here is the file you asked for" in the subject line or body. They may contain an attachment with the W32/Mimail.s@MM worm.


What to look for:

From: An infected email can come from people you know.
Subject: here is the file you asked for
Body: Hi! Here is the file you asked for!
Attachment: example--document.txt.scr
possible file extensions used: .pif, .scr, .exe, .jpg.scr, .jpg.pif, .jpg.exe, .gif.exe, .gif.pif, .gif.scr
Aliases: W32.Mimail.R@mm

INFORMATION KINDLY SENT TO ME FROM McAfee

#11
Old 01-31-04, 10:00
NICK ADSL UK

31-1-04
HI EVERYONE PLEASE NOTE THAT THIS WORM W32/Mydoom@MM IS STILL VERY HIGH RISK

#12
Old 02-01-04, 14:05
NICK ADSL UK

THIS IS THE LATEST UPDATE FOR ALL THE MAJOR VIRUSES AT THE PRESENT TIME. For the Expanded Threat List and Virus Encyclopedia please see the link below

VIRUS NAME | ALIASES | THREAT LEVEL
W32.Novarg.A@mm | I-Worm/Novarg, W32/Mydoom-A, W32/Mydoom@mm, WORM_MIMAIL.R | High
W32.Beagle.A@mm | I-Worm/Bagle, W32/Bagle-A, W32/Bagle@mm, WORM_BAGLE.A | Medium
Downloader-GN | TrojanDownloder.Win32.Small.cz, TrojanDownloaer.Win32.Mimail, Troj/Mmdload-A, Downloader.Mimail.B | Low
W32.Mimail.J@mm | I-Worm/Mimail.J, W32/Mimail-J, W32/Mimail.J@mm, WORM_MIMAIL.J, Mimail.I | Medium
W32.Mimail.C@mm | I-Worm/Mimail.C, W32/Mimail-C, W32/Mimail.c@mm, WORM_MIMAIL.C, I-Worm.NetWatch | Medium
W32.Swen.A | Swen, W32/Gibe.E-mm, I-Worm.Swen, W32/Gibe-F, WORM_SWEN.A | High
W32.Sluter.B | W32.Randex.F, W32/Sluter-B, Backdoor.Sdbot.gen | Medium
Backdoor.Apdoor.c | Bck/Apdoor.c, W32/Apdoor.C | Low
W32.Dumaru@mm | I-Worm/Dumaru, WORM_DUMARU.A, W32/Dumaru-A, W32/Dumaru@mm | Medium
W32.Sobig.F@mm | I-Worm/Sobig.F, WORM_SOBIG.F, Sobig.F, W32/Sobig-F, W32/Sobig.F | Medium
W32.Welchia.Worm | I-Worm/Generic, WORM_MSBLAST.D, Lovsan.D, W32/Nachi-A | High
W32.Blaster.C.Worm | W32/Lovsan.C.Worm, I-Worm/Generic, Worm/Lovsan.B, W32/Blaster-B, WORM_MSBLAST.C | Medium
W32.Blaster.Worm | Worm/Lovsan, W32/Blaster-A, W32/Lovsan.Worm, WORM_MSBLAST.A, Blaster, Lovesan, Win32.Poza | High
W32.Mimail.A@mm | I-Worm/Mimail, W32/Mimail-A, W32/Mimail@mm, WORM_MIMAIL.A, TrojanDropper.Js.Mimail | Medium
Trojan.W32.Webber | Downloader-DI, TrojanProxy.Win32.Webber, Troj/Webber-A, Trojan.Download.Berbew | Medium
W32.Mylife.N@mm | I-Worm/Mylife.N, W32/Mylife-M, Win32.Mylife.M | Low
W32.Mumu.B.Worm | Mumu.B, WORM_MUMU.A, W32.Mumu-C. | Low
W32.Sobig.E@mm | I-Worm.Sobig.gen, WORM_SOBIG.E, W32/Sobig-E, Sobig.E Worm | High
W32.Yaha.T@mm | I-Worm.Lentin.gen, W32/Yaha-T, W32/Yaha.T@mm, Yaha.T | Low
W32.Mapson@mm | I-Worm.Mapson, W32/Mapson-A, WORM_MAPSON.A, W32/Mapson.Worm, W32/Lorraine | Medium
W32.Sobig.D@mm | I-Worm.Sobig.gen, WORM_SOBIG.D, W32/Sobig-D, Sobig.D Worm | Low
W32.Sobig.C@mm | I-Worm.Sobig.c, WORM_SOBIG.C, W32/Sobig-C, Sobig.C Worm | Low
W32.Bugbear.B@mm | I-Worm.Bugbear.B, W32/Bugbear-B, WORM_BUGBEAR.B, Tanatos.b | High
JS/Fortnight.B | JS.Fortnight.M, JS/Fortnight.D, EML.Fortnight, Fortnight.C | Medium
W32.Yaha.P@mm | I-Worm.Lentin.m, I-Worm/Yaha.P, W32/Yaha-P, WORM_YAHA.P | Low
W32.Lovegate.F@mm | I-Worm/Lovegate, I-Worm.Supnot.f, WORM_LOVGATE.F, W32.HLLW.LoveGate.G@mm | Medium
W32.Palyh@mm | I-Worm.Palyh, WORM_SOBIG.B, W32/Palyh-A, W32.HLLW.Mankx@mm, Sobig.B Worm | Low
W32.Fizzer@mm | I-Worm/Fizzer, WORM_FIZZER.A, W32.HLLW.Fizzer@mm, W32.Fizzer-A | Low
W32.Yaha.K@mm | I-Worm.Lentin.I, W32/Yaha-M, WORM_YAHA.K, Yaha.K | Medium
W32.Lirva.A@mm | I-Worm.Lirva, W32/Avril-A, WORM_LIRVA.A, W32.Naith.A | Low
W32.Bugbear@mm | I-Worm.Bugbear, W32/Bugbear-A, WORM_BUGBEAR.A, Tanatos | Medium
W32.Yaha.E@mm | I-Worm.Lentin.g, W32/Yaha-E, WORM_YAHA.G, Yaha.E | Medium
Worm/Opaserv.K | Opaserv.K, WORM_OPASERV_K, W32.Opaserv.M.Worm | Medium
Worm/Opaserv.E | Opaserv.E, WORM_OPASERV_E, W32.Opaserv.E.Worm | Medium

Expanded Threat List and Virus Encyclopedia...
http://www.srnmicro.com/virusinfo/latestvir1.htm

Last edited by NICK ADSL UK; 02-06-04 at 18:25.

#13
Old 02-10-04, 11:24
NICK ADSL UK

PSS Security Response Team Alert - New Worm: W32/Mydoom@MM
Hi all, this is the latest update review from Microsoft regarding the above. If you have not done so already, I would suggest you read up on the update as it now stands.
https://information.microsoft.com/te...rts/mydoom.asp

Last edited by NICK ADSL UK; 02-13-04 at 17:06.

#14
Old 02-17-04, 13:58
NICK ADSL UK

17 February 2004

New Bagle-B worm spreading, warns Sophos
Sophos, a world leader in protecting businesses against spam and viruses, is warning of a new worm called Tanx-A (also known as Bagle-B). Sophos has received several reports of this worm spreading in the wild.

The Tanx-A (Bagle-B) worm spreads via email and arrives with the subject line 'ID' followed by various random characters and the message text 'Yours ID'. An attached .exe file has a randomly generated filename. If run, a remote access component allows hackers to gain remote access to infected computers.

The worm harvests email addresses from infected PCs and, when forwarding itself on to other computer users, spoofs the "From:" field using addresses found on the computer's hard drive.

"Bagle-B tries to deceive computer users by spoofing the sender's address, but the worm is easy to spot because of its distinctive subject line," said Carole Theriault, security consultant, Sophos. "The message is simple - don't open unsolicited emails and don't automatically trust emails that appear to come from a known contact. Practising safe computing and blocking executable files at the email gateway will prevent infection from this worm."

Like its predecessor, Bagle-A, this worm has a built in 'dead date' and has been designed to fall dormant on 25 February 2004.

Further information and protection against W32/Tanx-A (Bagle-B)
http://www.sophos.com/virusinfo/analyses/w32tanxa.html

#15
Old 02-18-04, 18:38
NICK ADSL UK

Dear nick,

W32/Netsky.b@MM is a Medium Risk mass-mailing worm that copies itself to folders named "share" or "sharing" on the infected system. It spreads itself to addresses it steals, spoofing or forging the "From:" field or using the address skynet@skynet.de. The worm also tries to deactivate the W32/Mydoom.a@MM and W32/Mydoom.b@MM viruses on the host computer.

Caution: An infected email can come from addresses you recognize.


What to look for:

Subject/Body: Varies. Examples include:
-I have your password!
-about me
-anything ok?
-do you?
-from the chatter
Attachment: Varies but may have a double-extension such as .rtf.pif contained in a .ZIP file.
Aliases: Moodown.B, I-Worm.Moodown.b

Up-to-date McAfee VirusScan users with DAT 4325 are protected from this threat.
http://us.mcafee.com/virusInfo/defau...01034&cid=9647
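
The alerts in this thread describe the same attachment traits again and again: executable types (.exe, .pif, .cmd, .scr), double extensions such as .txt.scr or .rtf.pif, and delivery inside ZIP archives, with the Sophos alert recommending that executables be blocked at the email gateway. The following Python code is an added example of such a check, not part of the original posts or of any vendor's product; the function names, the size and depth limits and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Attachment types named in the alerts in this thread.
BLOCKED_EXTS = {".exe", ".pif", ".scr", ".cmd"}
MAX_ZIP_DEPTH = 2               # assumption: inspect at most one nested ZIP
MAX_NESTED_BYTES = 5 * 1024**2  # assumption: refuse to unpack larger members


def check_name(name):
    """Return a block reason for an attachment file name, or None."""
    # Windows ignores trailing dots and spaces, so "a.exe. " runs as a.exe.
    parts = name.lower().rstrip(". ").split(".")
    ext = "." + parts[-1]
    if len(parts) < 2 or ext not in BLOCKED_EXTS:
        return None
    if len(parts) >= 3:
        # e.g. document.txt.scr: the visible ".txt" hides the real type.
        return f"double extension .{parts[-2]}{ext}"
    return f"executable extension {ext}"


def scan_zip(data, depth=1):
    """Return block reasons for the members of a ZIP given as bytes."""
    if depth > MAX_ZIP_DEPTH:
        return ["ZIP nested too deeply to inspect"]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable ZIP archive"]
    reasons = []
    with archive:
        for info in archive.infolist():
            reason = check_name(info.filename)
            if reason:
                reasons.append(f"{info.filename} in ZIP: {reason}")
            elif info.filename.lower().endswith(".zip"):
                # Encrypted or oversized nested archives cannot be inspected.
                if info.flag_bits & 0x1 or info.file_size > MAX_NESTED_BYTES:
                    reasons.append(f"{info.filename} in ZIP: cannot inspect")
                else:
                    reasons += scan_zip(archive.read(info), depth + 1)
    return reasons


def scan_message(raw):
    """Return (attachment name, reason) pairs for a raw RFC 822 message."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        reason = check_name(name)
        if reason:
            findings.append((name, reason))
        elif name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            findings += [(name, r) for r in scan_zip(payload)]
    return findings


def build_sample(filename, data):
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def build_zip(members):
    """Build a constructed in-memory ZIP from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample("message.zip", build_zip({"readme.rtf.pif": b"MZ"}))
    print(scan_message(sample))
```

The check works on file names only, so a message with no findings has not been shown to be clean; it complements the signature updates the posts ask for.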

#16
Old 02-28-04, 16:11
NICK ADSL UK

Hi all
This is the current security virus update for the 28-2-2004
This week's report on viruses and intrusions focuses on four worms: Netsky.C, Bizex.A, Nachi.D and Mydoom.F.

Netsky.C spreads via e-mail -in a message with variable characteristics- and through peer-to-peer file sharing applications. This malicious code deletes registry entries made by several worms including Mydoom.A and Mimail.T. In addition, when the system date is February 26 2004, Netsky.C emits random noises between 6.00 and 8.59 in the morning.

Bizex.A, on the other hand, spreads through the ICQ instant messaging program. It also downloads and runs a copy of itself by exploiting two recently detected flaws in Internet Explorer.

Bizex.A tries to steal information that users enter in websites of banks or other financial entities as well as information transmitted via HTTPS (HTTP over Secure Socket Layer) related to the login.yahoo.com and .passport domains. The data gathered is sent to an FTP server.

The third worm we'll look at in this report is Nachi.D, which spreads to computers with Windows 2003, XP, 2000 or NT. In order to spread as widely as possible it downloads a copy of itself by exploiting three vulnerabilities: Buffer Overrun in RPC Interface, WebDAV and Workstation Service Buffer Overrun. This action causes an increase in network traffic through TCP ports 80, 135 and 445.

Nachi.D can uninstall the A and B variants of Mydoom and Doomjuice, terminating their processes and removing any associated files. When the system date is June 1 or later, Nachi.D deletes itself.

Finally, we'll look at the F variant of Mydoom, which spreads in an e-mail message with variable characteristics. This is a destructive worm which deletes all files with any of the following extensions: AVI, BMP, DOC, JPG, MDB, SAV and XLS.

Mydoom.F installs a DLL which opens a backdoor and allows antivirus processes to be terminated, which leaves the PC vulnerable to attack from other malware. When the system date is between the 17th and 22nd of any month (and year) this worm carries out a distributed denial of service attack (DDoS) against www.microsoft.com and www.riaa.com (two out of three of the attacks are against Microsoft).

In seven out of ten cases, Mydoom.F displays an error message in the infected computer.
And lastly don't forget to keep your anti virus updated at all times

Last edited by NICK ADSL UK; 02-28-04 at 16:33.

#17
Old 03-01-04, 12:44
NICK ADSL UK

Hi all
We have a major outbreak as from today with the following viruses
W32/Bagle-H - 1 Mar (17:15)
W32/Netsky-E - 1 Mar (11:38)
W32/Netsky-D - 1 Mar (04:26)
W32/Bagle-G - 1 Mar (00:18)
W32/Bagle-F
Netsky.D and Bagle.E are spreading rapidly around the world.
Netsky.D reaches computers in an e-mail message whose subject, message body and attached file are selected at random from a list of options. Unlike the C variant, Netsky.D launches eight simultaneous threads, which means that from each infected computer, it will send at least eight times more infected mails.

Bagle.E is a worm that spreads via e-mail in a message with variable characteristics, and an attached file that has an icon similar to the one belonging to Windows Notepad. Bagle.E contains a backdoor which opens the TCP port 2745. It attempts to connect to several web pages that host a PHP script. By doing this, Bagle.E notifies its author that the affected computer can be accessed through the port mentioned above.
Will you all make sure that you have updated your virus software
Regards

Last edited by NICK ADSL UK; 03-01-04 at 12:55. Reason: added additional information

#18
Old 03-01-04, 16:00
NICK ADSL UK

This is a virus alert for six new variants of the Bagle
family and two new variants of the Netsky family:

W32/Bagle.C@mm
W32/Bagle.D@mm
W32/Bagle.E@mm
W32/Bagle.F@mm
W32/Bagle.G@mm
W32/Bagle.H@mm
W32/Netsky.D@mm
W32/Netsky.E@mm

These new variants started spreading between 28 February and
1 March 2004.

Risk:
Most of these new variants are rated low risk and would not
warrant a virus alert on their own. Given the number of new
variants in a relatively short span of time, however, there
is reason for computer users to be careful.

Recommended Reactions:
Users of Antivirus should update their virus signature
files immediately. These variants are all detected by
Antivirus using virus signature files dated 1 March 2004 and
later. Note that multiple virus signature files were
released between 28 February and 1 March, each of which
detected all the variants that had been discovered at the
time of their release.

More information on these new variants of the Bagle and
Netsky families can be found at http://www.f-prot.com/virusinfo/

--
F-Prot Antivirus Alert Service
http://www.f-prot.com

#19
Old 03-03-04, 07:57
NICK ADSL UK

Hi all
Please be aware that there is intense virus activity at the present time. And just a reminder to you all to keep checking that you have installed the latest updates as they will be coming through very fast today and at regular intervals
regards

#20
Old 03-03-04, 15:44
NICK ADSL UK

ATTENTION EVERYONE
With regards to my post above, the situation has continued to deteriorate throughout the day. Do please make sure that you check and update at least every 2 to 3 hours. Even though you may have your settings on automatic, it is most wise to check the website and confirm to yourself that you are up to date with your virus signatures and, if not, download the updates manually.
regards