| Tuesday, February 07, 2012
Viruswarn Forums
Lee Drake (Posts: 238)
05/20/2002 1:26 PM
Within the last 24 hours there have been numerous reports of the "Pentagone virus". This is an Internet worm that spreads using the Outlook address book, IRC chat channels, and ICQ (it sends itself to everyone on your contact list). The file arrives as a screensaver, but the text of the message doesn't try to disguise the fact that the attachment is a screensaver (with a .SCR extension); instead it shows it as if they are "passing it along":
How are you ?
When I saw this screensaver, I immediately thought about you
I am in a harry, I promise you will love it!
Note again, the misspelling in the note - a good sign this isn't REALLY from a friend :)
Here are the references from SARC and McAfee:
http://www.sarc.com/avcenter/venc/data/w32.goner.a@mm.html
http://www.mcafee.com/anti-virus/viruses/Goner/default.asp
This is a fairly sophisticated virus. The first thing it does is try to shut down your antivirus software and ZoneAlarm firewall. If you click on the attachment it will use Outlook to send itself to other addresses. It then takes over your computer by:
1) Installing a trojan "back door" program on your computer.
2) Hooking up to an IRC channel to announce the presence of your computer as "available"
3) Spreads the virus using IRC, ICQ (this is a new vector) and email.
In other words you can get this virus through IRC and ICQ - be suspicious of ALL attachments.
Protecting Yourself
As always, the easiest way to protect yourself is to avoid opening strange looking or unexpected attachments, even if they arrive from someone that you know. Since most of the recent worms spread themselves using the sender's address book, they will almost always arrive from someone you know or someone else at your own company.
Virus Scanners, Your Second Line of Defense
Your second line of defense is your anti-virus software.
McAfee
Quoting from the report posted by Network Associates, Inc. at http://www.mcafee.com/anti-virus/viruses/vote/default.asp?cid=2464:
In plain English, this means that:
If you have a reasonably recent installation or engine and data file update the worm will be detected.
If you have email scanning activated the worm should be detected prior to downloading your email.
If you have the 4.0.70 and above with DAT file 4174 this worm will be detected whether or not you have enabled heuristic scanning.
Since heuristic scanning is disabled by default, you will need to either enable it or update your data files. Updating your data files regularly ( DAILY ) is a generally good idea.
Norton
At http://www.sarc.com/avcenter/venc/data/w32.goner.a@mm.html they have rated this virus as PREVALENT and MEDIUM DAMAGE.
All modern versions of Norton should be configured to scan your email on download - at which point this will be detected. They recommend simply choosing DELETE to remove the virus. Corporate users should have email scanning turned on on their email server, and heuristic scanning enabled.
Mitigating Factors
You must click the attachment to have the worm activate. The worm is a screen saver file, which doesn't attempt to disguise itself - however screensavers are executables, just like .EXE or .COM files.
The subject is "Hi", fairly identifiable, and there are misspellings in the body of the text.
This concludes this VirusWarn notice.
Lee Drake, Moderator
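A mail-gateway style check for the indicators listed in the notice above (executable attachment such as .SCR, subject "Hi", the quoted body text). This is an added example, not part of the original post or any vendor's scanner; the function names, verdict labels and the sample attachment filename are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The notice points out that screensavers are executables, like .EXE or .COM.
EXECUTABLE_EXTS = {".scr", ".exe", ".com"}
# Body text quoted in the notice, misspelling included.
LURE_PHRASES = ("when i saw this screensaver", "i am in a harry")

def inspect_message(raw: bytes) -> dict:
    """Collect the notice's indicators from one raw e-mail message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {"executable_attachments": [], "lure_subject": False, "lure_body": False}
    findings["lure_subject"] = (msg["Subject"] or "").strip().lower() == "hi"
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Windows ignores trailing dots/spaces; use only the final extension
            # so a double extension such as "photo.jpg.scr" is still caught.
            cleaned = name.strip().rstrip(". ")
            dot = cleaned.rfind(".")
            ext = cleaned[dot:].lower() if dot != -1 else ""
            if ext in EXECUTABLE_EXTS:
                findings["executable_attachments"].append(name)
        elif part.get_content_type() == "text/plain":
            body = part.get_content().lower()
            if any(phrase in body for phrase in LURE_PHRASES):
                findings["lure_body"] = True
    return findings

def verdict(findings: dict) -> str:
    """Hypothetical policy: block executables, flag matching text for review."""
    if findings["executable_attachments"]:
        return "quarantine"
    if findings["lure_subject"] and findings["lure_body"]:
        return "review"
    return "deliver"

def build_sample(filename: str, subject: str, body: str) -> bytes:
    """Construct a test message; the attachment holds harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```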