Ray Publishing Virus News

New Email Worm 'My Party' Surfaces, Begins to Grow

Mon Jan 28, 2002

 
A new computer worm that tries to trick users into clicking on what looks like a web link to party photos, but is in fact a virus-infected program, emerged in Asia on Monday morning and began spreading to Europe, computer experts said. 



The so-called "My Party" worm, which is not considered destructive, spreads by harvesting addresses from the Microsoft Windows Address Book and the Outlook Express mail database. 

The worm emails itself to every address it finds on an infected user's machine, so the message appears to come from a colleague or friend, experts said. 

Anti-virus specialist Trend Micro gave it a medium risk rating. Security firms said that, compared with past email worms such as Nimda and Sircam, the number of reported "My Party" infections so far is moderate. 

The virus arrives as an email with the subject line "new photos from my party!" It carries an innocuous-looking attachment named www.myparty.yahoo.com. Although the name reads like a web address, it ends in .com, which Windows treats as an executable file extension, so "opening the link" actually runs the worm. A message in the body of the email reads: "Hello! My party... It was absolutely amazing! I have attached my web page with new photos! If you can please make color prints of my photos. Thanks!" 

Graham Cluley, senior technology consultant for Sophos Anti-Virus, said that because it carries what appears to be an authentic link to the popular web portal Yahoo and appears to come from a colleague or friend, the worm has the potential to spread quickly. 

As of 1200 GMT, Sophos received reports of infection from corporate clients and academic institutions in Asia, the Middle East and Europe. 


New Computer Virus Update: Power Puff Girls DVD Infected with Fun Love Virus

January 5, 2002

Computer viruses are usually received through e-mail, but this one has been found on the Power Puff Girls DVD "Meet the Beat", which is infected with the unfunny Fun Love virus. Here is some information about the virus.

When the virus is first run, it drops a file called FLCSS.EXE into the SYSTEM folder if that file does not already exist. FLCSS.EXE is then run as a separate process and becomes the resident portion of the virus. The virus then directly infects all EXE, SCR and OCX files under the Program Files folder and the Windows (Windows 9x) or WinNT folder, including all sub-folders. Because the default Windows shell, Explorer.exe, lives there, the virus is re-executed whenever the system restarts.

Under Windows NT, if the current user is logged in with administrator rights, the virus uses a routine borrowed from the W32/Bolzano virus to patch the files NTOSKRNL.EXE and NTLDR. The patch takes effect after the next system restart and disables the kernel's access checks, so every user, whatever their account type, effectively has full administrator rights. This gives the virus (and any low-privileged user) unrestricted access to all files on the system. NTLDR has to be patched as well, because it would otherwise refuse to load a kernel whose checksum no longer matches.

Periodically the virus scans network shares to which it has write access and infects any EXE, SCR and OCX files on those shared drives. The "FLC" process runs in the background: it first walks the local drives, then waits a random amount of time; depending on a random number it either walks the local drives again or walks the network, returning to the local drives afterwards.

The virus is not encrypted or polymorphic.

When executed under DOS, the file FLCSS.EXE displays the message "~Fun Loving Criminal~" and then tries to reset the machine in order to load Windows.
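The NT payload described above modifies two boot files on disk and only takes effect after the next restart, which leaves a window in which a stored hash baseline can catch the change. The following is an added example, not code from the McAfee write-up: it baselines NTOSKRNL.EXE and NTLDR, checks for the FLCSS.EXE dropper, then stages a fake system directory in a temp folder, "infects" it and re-checks. The directory, file contents and patch offset are constructed for the demo and are not real Windows artifacts.

```python
"""Hash baseline for the boot files FunLove patches on Windows NT.

Added example, not from the McAfee write-up.  FunLove's NT payload
patches NTOSKRNL.EXE and NTLDR on disk and the patch only takes
effect after the next restart, so a hash baseline of those files,
checked before shutdown or at boot, catches the modification in that
window.  The demo builds a fake system directory in a temp folder;
its contents and paths are constructed, not real Windows files.
"""
import hashlib
import os
import tempfile
from typing import Dict, List

# Files the article says FunLove modifies on NT, plus the dropper name.
WATCHED = ["NTOSKRNL.EXE", "NTLDR"]
DROPPER = "FLCSS.EXE"


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Dict[str, str]:
    """Record a hash for each watched file under root."""
    return {name: sha256_file(os.path.join(root, name)) for name in WATCHED}


def changed_files(root: str, baseline: Dict[str, str]) -> List[str]:
    """Names whose current hash differs from the baseline (or that are missing)."""
    out = []
    for name, expected in baseline.items():
        path = os.path.join(root, name)
        if not os.path.exists(path) or sha256_file(path) != expected:
            out.append(name)
    return out


def check_system(root: str, baseline: Dict[str, str]) -> dict:
    """Combine the two indicators the write-up gives: dropper present, boot files patched."""
    return {
        "dropper_present": os.path.exists(os.path.join(root, DROPPER)),
        "patched": changed_files(root, baseline),
    }


def simulate_patch(root: str, name: str, offset: int, value: int) -> None:
    """Overwrite one byte in place, as an on-disk patcher would."""
    with open(os.path.join(root, name), "r+b") as fh:
        fh.seek(offset)
        fh.write(bytes([value]))


def demo() -> dict:
    """Stage fake boot files, baseline them, 'infect' the directory, re-check."""
    root = tempfile.mkdtemp(prefix="fakesys_")
    for name in WATCHED:
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"MZ" + bytes(4094))  # placeholder content, constructed
    baseline = build_baseline(root)
    assert check_system(root, baseline) == {"dropper_present": False, "patched": []}
    # What the infection leaves behind: the dropper and a patched kernel file.
    open(os.path.join(root, DROPPER), "wb").close()
    simulate_patch(root, "NTOSKRNL.EXE", 0x800, 0x90)  # offset/value constructed
    return check_system(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Two caveats for real use: service packs and hotfixes legitimately replace NTOSKRNL.EXE and NTLDR, so the baseline has to be refreshed after every sanctioned update, and the baseline itself must be kept somewhere the virus cannot write, since it infects every writable share it finds.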

* For more information go to http://vil.mcafee.com/dispVirus.asp?virus_k=10419&

Goner is a Script Kiddie-inspired worm that disables firewalls, antivirus software

December 4, 2001

Let there be no doubt that script kiddies (inexperienced malicious programmers) have taken up the once lowly skill of virus writing. Goner's (W32.Goner.A@mm) pop-up displays look like a typical script kiddie website defacement, complete with the typical script kiddie "greetz." Besides spreading rapidly by e-mail, and therefore posing a threat to e-mail servers, Goner also spreads via ICQ and shuts down antivirus and firewall protection, leaving your Windows computer vulnerable to other attacks. Because it deletes files, Goner ranks a 7 on the CNET Virus Meter.

How it works
Goner arrives by ICQ or e-mail bearing a subject line of “Hi” with the body text of “How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it!” The attached file is gone.scr.

The worm is written in Visual Basic 6, packed with the UPX file compressor, and is 39KB in size. If executed, it copies itself into the Windows System directory under the name gone.scr and adds itself to the Registry so that it runs each time the computer reboots.

Goner uses the Outlook Address Book to find addresses to which it sends e-mail copies of itself. If ICQ, a favorite program of script kiddies, is also present on the infected computer, Goner will attempt to spread copies of itself through that service as well.

Besides displaying a message taking credit for the worm ("Pentagone coded by: suid tested by: ThE_SkuLL and Isatanl") and a traditional script kiddie greetz ("greetings to TraceWar, k9unit, stef16, ^Reno. Greetings also to nonick2 out there where ever you are."), the worm also displays a fake error message.

Goner disables antivirus and firewall protection by attempting to delete the following files:

aplica32.exe
zonealarm.exe
esafe.exe
cfiadmin.exe
cfiaudit.exe
cfinet32.exe
pcfwallicon.exe
frw.exe
vshwin32.exe
vsecomr.exe
webscanx.exe
avconsol.exe
vsstat.exe
pw32.exe
vw32.exe
vp32.exe
vpcc.exe
vpm.exe
avp32.exe
avpcc.exe
avpm.exe
avp.exe
lockdown2000.exe
icload95.exe
icmon.exe
icsupp95.exe
icloadnt.exe
icsuppnt.exe
tds2-98.exe
tds2-nt.exe
safeweb.exe

If Goner cannot delete a file immediately (typically because the antivirus or firewall process is running and holds it open), it writes an entry to WININIT.INI so that Windows deletes the file for it at the next reboot, before the security software has a chance to start.
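The WININIT.INI trick is worth checking for directly, because the deletions are queued on disk before they happen. The following is an added example, not code from the article: it parses the [rename] section of a WININIT.INI (on Windows 9x each line is destination=source, and a destination of NUL deletes the source at the next boot) and reports any queued deletion whose file name is on the kill list above. The INI text is constructed for the demo; the target list is the one in the article.

```python
"""Inspect WININIT.INI for deferred deletion of security software.

Added example, not code from the article.  On Windows 9x, WININIT.INI's
[rename] section is processed at the next boot, before the desktop
loads; each line is destination=source, and a destination of NUL
deletes the source file.  Goner uses this when an antivirus or
firewall process is running and its file cannot be deleted at once.
The INI text below is constructed; the target names are the
article's list.
"""
import ntpath
from typing import List, Tuple

# Goner's kill list, from the article above (lower-cased for matching).
GONER_TARGETS = {
    "aplica32.exe", "zonealarm.exe", "esafe.exe", "cfiadmin.exe", "cfiaudit.exe",
    "cfinet32.exe", "pcfwallicon.exe", "frw.exe", "vshwin32.exe", "vsecomr.exe",
    "webscanx.exe", "avconsol.exe", "vsstat.exe", "pw32.exe", "vw32.exe",
    "vp32.exe", "vpcc.exe", "vpm.exe", "avp32.exe", "avpcc.exe", "avpm.exe",
    "avp.exe", "lockdown2000.exe", "icload95.exe", "icmon.exe", "icsupp95.exe",
    "icloadnt.exe", "icsuppnt.exe", "tds2-98.exe", "tds2-nt.exe", "safeweb.exe",
}

# Constructed WININIT.INI: one legitimate installer rename, one benign
# temp-file cleanup, two deletions of the kind Goner schedules, and a
# NUL= line outside [rename] that Windows would ignore.
SAMPLE_WININIT_INI = r"""
; created by setup
[rename]
C:\WINDOWS\SYSTEM\MFC42.DLL=C:\WINDOWS\TEMP\MFC42.TMP
NUL=C:\WINDOWS\TEMP\~SETUP1.TMP
NUL=C:\PROGRA~1\ZONELA~1\ZONEAL~1\ZONEALARM.EXE
NUL=C:\PROGRA~1\NETWOR~1\MCAFEE~1\VSHWIN32.EXE

[other]
NUL=C:\NOT\IN\RENAME\SECTION.EXE
"""


def parse_rename_section(text: str) -> List[Tuple[str, str]]:
    """Return (destination, source) pairs from the [rename] section only."""
    pairs, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "rename" and "=" in line:
            dest, src = (s.strip() for s in line.split("=", 1))
            pairs.append((dest, src))
    return pairs


def deferred_security_deletions(text: str) -> List[str]:
    """Source paths queued for deletion whose file name is a known security tool."""
    hits = []
    for dest, src in parse_rename_section(text):
        if dest.upper() == "NUL" and ntpath.basename(src).lower() in GONER_TARGETS:
            hits.append(src)
    return hits


if __name__ == "__main__":
    for path in deferred_security_deletions(SAMPLE_WININIT_INI):
        print("scheduled for deletion at reboot:", path)
```

Matching on the base name rather than the full path is deliberate: the article lists program names, and installers put them under different (often 8.3-shortened) directories.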

Removal
Most antivirus software companies have updated their signature files to include this worm. For more information on removing Goner from your system, see Central Command, F-Secure, Kaspersky, McAfee, Sophos, Symantec, and Trend Micro.

For information about preventing this worm, see "Basic steps to protect your PC from viruses."

New computer virus W32.Nimda: attacks on the rise


Q - Did terrorists send out a new virus on the Web?

A-

While the timing of the latest Internet attack certainly is suspicious, it doesn't look like the release of the "Nimda" (also called "W32.Nimda") worm is anything but the usual thoughtless and malicious vandalism.

You'll note that "Nimda" spells "Admin" (short for "system administrator") backwards, which sounds more like a techie with a grudge than a terrorist with a cause.

Both the FBI and the Attorney General have stated they don't believe at this time that the worm is connected to any terrorist activity.

But that doesn't mean it can't wreak havoc on the Net in general and your computer in particular.

What should you be on the lookout for? First, it appears that Nimda infects servers that use Microsoft's Internet Information Server software running on machines with Windows NT or 2000.

It also attacks individual users running Microsoft Outlook or Outlook Express for their email on Windows 95, 98 and ME. Those with unpatched Microsoft Internet Explorer 5.01 or 5.5 are the most vulnerable, because those versions will run the worm's attachment as soon as the message is displayed.

Second, as you might expect, it comes via email. The message line itself is often blank, or may come with subject names like "xboot," "sample" and "desktopsamplesdesktopsamples."

It may sometimes come with an attachment labeled "README.EXE". Whatever you do, do not open that attachment or even the body of the email. Just delete it.

The problem is that many or most e-mails carrying Nimda show no visible attachment. The worm's executable is declared in the message's MIME headers as an audio file, and an unpatched Internet Explorer 5.01 or 5.5 (which Outlook uses to render HTML mail) runs it as soon as the message appears in the preview pane. Once running, the worm does what it has been programmed to do: it tries to send itself to the addresses stored in your e-mail program, and it looks for shared disk drives and copies itself onto those too.
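Both the MyParty message described earlier (an executable named www.myparty.yahoo.com that reads like a web address) and the Nimda message above (README.EXE declared as an audio file so it has no visible attachment) are caught by the same rule: judge an attachment by its file name extension, not by the Content-Type the sender chose. The following is an added example, not code from either article; the two messages are constructed to match the descriptions on this page, and the "MZ" payload is a two-byte placeholder, not worm code.

```python
"""Flag e-mail attachments that are executables in disguise.

Added example (not code from the articles above).  It parses two
constructed messages modelled on the descriptions of MyParty and
Nimda and reports any attachment whose file name ends in a Windows
executable extension, whatever Content-Type the sender declared.
"""
import os
from email import message_from_string
from email.message import Message
from typing import List, Optional

# Extensions Windows runs on double-click.  ".com" is on the list:
# "www.myparty.yahoo.com" is a program, not a web site.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Media types a mail client may render without asking.  Nimda declared
# README.EXE as audio/x-wav so the preview pane handed it to IE.
AUTO_RENDERED_TYPES = {"audio/x-wav", "audio/wav", "image/gif", "image/jpeg", "text/plain"}

# Constructed sample modelled on the MyParty message quoted above.
MYPARTY_SAMPLE = """\
From: colleague@example.com
Subject: new photos from my party!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hello! My party... It was absolutely amazing! I have attached my web page with new photos!
--b1
Content-Type: application/octet-stream; name="www.myparty.yahoo.com"
Content-Disposition: attachment; filename="www.myparty.yahoo.com"
Content-Transfer-Encoding: base64

TVo=
--b1--
"""

# Constructed sample modelled on Nimda's mail: blank subject, no
# visible attachment, executable declared as a WAV file.
NIMDA_SAMPLE = """\
From: friend@example.com
Subject:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b2"

--b2
Content-Type: text/html; charset="us-ascii"

<html><body></body></html>
--b2
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64

TVo=
--b2--
"""


def attachment_name(part: Message) -> Optional[str]:
    """Declared file name of a MIME part: Content-Disposition first, then Content-Type name=."""
    return part.get_filename() or part.get_param("name")


def suspicious_attachments(raw: str) -> List[dict]:
    """One finding per attachment that looks like a disguised executable."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = attachment_name(part)
        if not name:
            continue
        ext = os.path.splitext(name.lower())[1]
        if ext not in EXECUTABLE_EXTS:
            continue
        ctype = part.get_content_type()
        findings.append({
            "filename": name,
            "content_type": ctype,
            # Declared type says "media", extension says "program".
            "type_mismatch": ctype in AUTO_RENDERED_TYPES,
            # Dotted "www." names read as a host name to the eye.
            "looks_like_hostname": name.lower().startswith("www.") and name.count(".") >= 2,
        })
    return findings


if __name__ == "__main__":
    for label, sample in (("MyParty", MYPARTY_SAMPLE), ("Nimda", NIMDA_SAMPLE)):
        for finding in suspicious_attachments(sample):
            print(label, finding)
```

A gateway filter built on this rule would have stopped both worms regardless of how the mail client rendered the message; the Outlook setting and IE patch the article goes on to recommend close the same hole from the client side.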

The worm does not seem to damage your data, however. What it does do is clog the Net, nearly tripling the time it takes for any data to move from point A to point B.

You'll also be susceptible if 1) you're using Microsoft's Outlook email program, 2) the program's security settings are at "low", and 3) the security patch has not been installed. On PCs that don't use Outlook, the worm can still spread, so non-Outlook users can't assume they're safe and sound.

The first step to take to put up your best defense against Nimda is simple: Don't open up any unexpected email. Instead, destroy it.

The second step is to look into programs and software patches that can smoke Nimda out and get rid of it:

Microsoft Security Bulletin and patch

McAfee

Trend Micro

Computer Associates

Symantec

To keep up to date on viruses, worms and other types of computer attacks, look in regularly at CNET's Virus alert and Yahoo's Viruses and Worms pages. The best defense is a good offense, even against worms.