| Tuesday, February 07, 2012
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum. You may find some formatting was lost in the conversion and the older versions of the posts to be more readable...
But at least it's all here.
Enjoy!
Viruswarn Forums
Lee Drake (Posts: 238)
06/16/2004 12:11 PM

What it is
A new email worm called erkez.b is making the rounds. It goes out disguised as an e-postcard and tells you to open the attachment to see the card. Opening the attached pif or program file will activate the worm.

This worm is a bit unusual in three ways. On one hand, it actually examines the target address, and if the end is for another country it customizes the message for that destination country. This means that .FR addresses will be in French, .SE will be in Swedish, etc. The other way that it is unusual is that it will actively trash your Norton Antivirus, McAfee, Zone Alarm and other virus and firewall software installations by overwriting the files in those directories with copies of the virus. In addition, it will prevent you from running common tools used to prevent viruses from running (msconfig, regedit, etc.). Finally, it attempts denial of service attacks on a variety of sites by hammering the servers with HTTP requests (that it then ignores). This could cause serious network slowdowns on networks with infected machines. If your bandwidth is suddenly saturated, or your antivirus software isn't running, suspect an infected machine.

Since this worm is destructive, widespread and multilingual, it's spreading pretty quickly. Mail servers in many areas have been overwhelmed with traffic. You may see an uptick in the amount of time it takes to send or receive messages on servers that do not filter extensions.

Note that Aztek Mail users who have requested executable attachment blocking will never see these messages (though it does take some processor time to find and delete them). Some mail servers are seeing approximately 4x the load from this virus, and it's causing significant email delays. If you're an Aztek Mail user and want attachment blocking, please contact the office.

What to do
If you have the virus, both Symantec and McAfee have cleanup tools. For Symantec the cleanup tool is at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.b@mm.removal.tool.html
For McAfee you can use the latest version of Stinger to remove this bug:
http://vil.nai.com/vil/stinger/
You should REINSTALL your antivirus or firewall software if you've been infected, and thoroughly rescan your machine.
Further references
Symantec (June 11th sigs): http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.b@mm.html
McAfee (June 11th sigs): http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126242
Lee Drake
Aztek Computer Solutions, Inc.
274 N. Goodman St Suite B269
Rochester, NY 14607
the human side of computing
Email: ldrake@azcomputer.net
Web: www.azcomputer.net
Office Phone: 585-242-2060
Fax number: 585-242-9441