Tuesday, February 07, 2012
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum. You may find some formatting was lost in the conversion and the older versions of the posts to be more readable.
But at least it's all here.
Enjoy!
Viruswarn Forums
Lee Drake (Posts: 238)
05/20/2003 9:07 PM

What is it?
SoBig, Mankx or Palyh (depending on the virus software listing) is a new email worm virus that purports to come from support@microsoft.com. The file comes with your typical worm virus attachment that, when executed, does all the nasty things that you'd expect a worm to do (email to all your friends, turn off your antivirus, infect network shares, etc.). The virus looks like it comes from microsoft.com and purports to have an attachment that the user requested. As I've said before - Microsoft NEVER sends out emails with attached files. If they do you can safely delete these and any other email that looks like it comes from Microsoft. And as usual this thing is smart, scanning email, web, and other sources looking for email addresses (even inside other emails).
I got several emails from a viruswarning member in England saying this is spreading fast in Europe, and is over here too. (A big thanks to Viruswarning member Richard L. for bringing this to my attention.) I got at least one before my virus signatures were updated, which indicates this virus spread faster than the typical update cycle of once per day. The program copies itself into your system directory as a program called msccn32.exe and to the startup directory of locally attached shared systems it can find. If you find such a program you're definitely infected.
The software installs spyware that allows your computer to be remotely controlled and observed.
The program subject line may read one of the following:
Your details
Approved (Ref: 38446-263)
Re: Approved (Ref: 3394-65467)
Your password
Re: My details
Screensaver
Cool screensaver
Re: Movie
Re: My application
The attachment is named:
your_details.pif
ref-394755.pif
approved.pif
password.pif
doc_details.pif
screen_temp.pif
screen_doc.pif
movie28.pif
application.pif
(List from the Norton SARC website, see link below).
What should you do?
Keep your virus signatures up to date.
Never open attachments that are unsolicited, particularly ones that run programs - even if they come from Microsoft. Microsoft NEVER sends out updates as email attachments.
If you did open it, get updated signatures and scan your system thoroughly. Symantec has a removal tool available at: http://www.sarc.com/avcenter/venc/data/w32.sobig.b.removal.tool.html
Run an active internal firewall such as ZoneAlarm.
For more information:
http://news.com.com/2100-1002_3-1007603.html?tag=fd_ots
http://www.sarc.com/avcenter/venc/data/w32.sobig.b@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=100307 (DAT Required 4264)
This concludes this viruswarning notice dated 5/20/2003.
For past archives of viruswarning files see:
http://www.leedrake.com/forum/default.asp?CAT_ID=2
To unsubscribe from this newsletter send me an email at:
imailsrv@azcomputer.net
And in the body type in:
Unsubscribe viruswarning
Lee Drake
Aztek Computer Solutions, Inc.
39 N. Goodman St.
Rochester, NY 14607
the human side of computing
Email: ldrake@aztekcs.net
Web: www.azcomputer.net
Office Phone: 585-242-2060
Fax number: 585-242-9441