 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
5 |
 |
Members:
0 |
 |
Total:
5 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 05/20/2002 1:15 PM |
|
| There is a new mass mailer on the loose, known variously as "W32/Fbound.c@MM" (Network Associates/McAfee) or "W32.Dotjaypee@mm" or W32.Dotjaypee@mm (Symantec/Norton).
What It Is
Like the nasty SirCam worm of last year, this one contains its own SMTP engine but it's a bit smarter; it uses the default SMTP gateway of the local machine, thus assuring that its messages will get out. This program is a pure mass mailer; it harvests addresses from the Windows Address Book. Fortunately, unless you use the basic Internet Mail program that comes with Windows or another program that stores addresses in the WAB, this one won't spread far. Also, there is no other payload and the program does not install itself, so apart from mass mailing, it does no damage. However, if you run it again, it will repeat the mass mailing!
The subject of the message is either "Important" or one of a dozen or so randomly selected Japanese texts. For the curious, Network Associates shows the Japanese texts in its article at http://vil.nai.com/vil/content/v_99386.htm and you don't need a Japanese browser to see what they look like.
The attachment is called patch.exe, which should immediately raise suspicions.
How Can I Protect Myself?
As always, it is best to avoid opening suspicious or unexpected attachments from any source. The Outlook 2000 Security Patch which is available separately and is a part of Service Release 2 automatically blocks EXE files such as this worm by default.
McAfee
McAfee VirusScan detects the worm as New Worm when scanning with the 4140 DATs (or newer) with Program Heuristics enabled and by name with the 4191 DATs, which were released this morning and can be retrieved by AutoUpdate or manually from http://www.mcafeeb2b.com/naicommon/download/dats/mcafee_4x.asp.
Of the two methods, AutoUpdate is preferred, as it is much easier to use and can be completely automated. AutoUpdate is a predefined task in the VirusScan Console. To activate it, do the following:
1) Locate the VirisScan Console on your task bar. It will be located at the far right end near the clock.
2) Right click the icon and choose Restore from the context menu.
3) To run the AutoUpdate now, double-click the AutoUpdate task, or simply click it and choose Start Task from the Task menu.
4) To schedule AutoUpdate, highlight the task, click Properties on the Task menu, then click the Schedule tab on the dialog that displays.
5) Click the Enable check box, then select your schedule, then click the Apply button to put them into effect.
Norton
The easiest way to update your virus definitions is to run LiveUpdate. LiveUpdate is located in your Control Panel; double-click the icon and follow the instructions. According to the Symantec article at http://securityresponse.symantec.com/avcenter/venc/data/w32.dotjaypee@mm.html, the virus definitions on the LiveUpdate servers incorporate information about this worm.
If You Run Windows ME, Read This
Microsoft Windows ME includes a system restore feature that can interfere with complete eradication of worms such as this one that arrive as program files. Please visit http://vil.nai.com/vil/content/v_99386.htm and scroll down to the topic Additional Windows ME Info for step by step instructions.
Other Issues
Since we are writing to you today about viruses and worms, you should be aware of another bogus "patch" that is making the rounds. Called the "Internet Security Update," the message contains an attachment that purports to apply the latest security patches from Microsoft to your system. It is not a security patch; it's a mass mailing worm.
Microsoft never distributes patches or other software by email. Please refer to their official statement on the subject at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/policy/swdist.asp.
There is, of course, the Microsoft Product Security Notification Service which distributes notices of security related patches by email. However, the service never distributes actual code. The notices just tell you what the code fixes, why you should apply the patch, and where to get it. If you want to learn more about the service, you can visit http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/notify.asp. Unless you are an IT professional, however, you need not subscribe, as we notify you about important notices through this list.
This concludes this VirusWarning notice.
Lee Drake, Moderator |
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|