|
 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
4 |
 |
Members:
0 |
 |
Total:
4 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 05/20/2002 1:25 PM |
|
| Within the last 24 hours there have been numerous reports of the "W32.Reeezak.A@mm virus" This is an Internet worm that spreads using the Outlook address book . The file arrives as an email attachment entitled CHRISTMAS.EXE, but the text of the message and the icon implies that the attachment is a Macromedia Flash "greeting card type" program :
The subject of the message is: Happy New Year
The text reads:
Hii
I can't describe my feelings
But all i can say is
Happy New Year :)
bye
Note again the misspelling... When will these virus writers ever learn to use a spell checker :)
Here are the references from SARC and McAfee:
http://www.sarc.com/avcenter/venc/data/w32.maldal.c@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99285&
This is a moderately sophisticated , but very destructive, virus. It attempts to copy itself to other computers via shares. Rather than attempting a trojan takeover of your machine it simply blows away your windows directory and sets some of your preferences up to a particular web site, which drops a trojan and a bunch of antivirus killing software on your machine, so that even if you restore the deleted files you may find yourself infected again the first time you fire up internet explorer.
Protecting Yourself
As always, the easiest way to protect yourself is to avoid opening strange looking or unexpected attachments, even if they arrive from someone that you know. Since most of the recent worms spread themselves using the sender's address book, they will almost always arrive from someone you know or someone else at your own company.
Virus Scanners, Your Second Line of Defense
Your second line of defense is your ant-virus software.
McAfee
Quoting from the report posted by Network Associatss, Inc. at http://www.mcafee.com/anti-virus/viruses/vote/default.asp?cid=2464:
In plain English, this means that:
If you have a reasonably recent installation or engine and data file update the worm will be detected.
If you have email scanning activated the worm should be detected prior to downloading your email.
If you have the 4.0.70 and above with DAT file 4174 this worm will be detected whether or not you have enabled heuristic scanning.
Since heuristic scanning is disabled by default, you will need to either enable it or update your data files. Updating your data files regularly ( DAILY ) is a generally good idea.
Norton
At http://www.sarc.com/avcenter/venc/data/w32.maldal.c@mm.html they have rated this virus as PREVALENT and MEDIUM DAMAGE.
All modern versions of Norton should be configured to scan your email on download - at which point this will be detected. They recommend simply choosing DELETE to remove the virus. Corporate users should have email scanning turned on on their email server, and heuristic scanning enabled.
Mitigating Factors
You must click the attachment to have the worm activate. The worm is an EXE file - a sure fire clue you shouldn't touch it . The subject is " Happy New Year " fairly identifiable, and there are misspellings in the body of the text.
This concludes this VirusWarn notice.
Lee Drake, Moderator |
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|