|
 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
5 |
 |
Members:
0 |
 |
Total:
5 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
David Gray
Posts:22
 |
| 10/16/2002 1:46 PM |
|
| What Is It?
There are 2 new viruses that are traveling the net. They infect via NETWORK SHARES, and EMAIL. Once one machine on your network has the virus it will infect other machines on the network with an unpassworded GUEST account. It's suggested that you add a password to your guest account, particularly if you are on windows 2000 or Windows XP if you don't already have one. If you aren't participating in a file sharing network, you can disable the guest account altogether (But do NOT delete it).
The rest of the virus vector is pretty much the same as all other viruses lately. They spread via attachments, they use random filenames, random subject headings, and random files off your hard drives for the file name attachments and body of the message.
These viruses ARE VERY DANGEROUS. If they infect your computer they install a TROJAN HORSE application on your computer that essentially lets a remote user take it over and "have their way" with it. They can upload and download files, modify your data, and log your keystrokes to detect passwords. Bugbear targets win 2000 and windows XP boxes, SCRUP win 9X boxes. Both are detected by current virus scanners.
These viruses use UDP Port 139 to spread. Blocking all upload and download traffic for this port on your firewall (either Zonealarm or a hardware firewall) will allow you to avoid the spread by share FROM THE OUTSIDE, but it will not avoid the spread INSIDE your net unless all workstations have zonealarm or some other firewall installed. Bugbear installs a listening web server on port 36794, allowing your machine to be controlled from any web browser.
What Should You Do?
Be sure your virus signatures are up to date. Run a liveupdate or virus update manually to ensure that you have the latest version of your scanning software. If you have a firewall (you do don't you?) block UDP port 139 at the firewall. Add a password to your GUEST account if you have Windows NT, 2000, or XP.
Additional Information
You can obtain more information about this virus from:
Bugbear
http://vil.nai.com/vil/content/v_99728.htm
http://www.sophos.com/virusinfo/analyses/w32bugbeara.html
http://www.sarc.com/avcenter/venc/data/w32.bugbear@mm.html
Scrup
http://vil.nai.com/vil/content/v_99729.htm
http://www.sophos.com/virusinfo/analyses/w32opaserva.html
http://www.sarc.com/avcenter/venc/data/w32.opaserv.worm.html
This concludes this VirusWarning notice, dated Tuesday, October 1, 2002.
Lee Drake
Aztek Computer Solutions, Inc.
39 N. Goodman St.
Rochester, NY 14607
David Gray, Moderator
A. K. A. Mr. Spock
You are more importnat than any technology we may employ. |
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|