| Tuesday, September 07, 2010
Viruswarn Forums
Lee Drake Posts:238
04/04/2005 8:59 PM

What it is
The relatively new email worm labeled Chod.B has a new trick up its sleeve. If it infects a user who has MSN Messenger installed (installed by default on Windows XP machines) and the user has an active MSN Messenger account, the worm will attempt to spread itself to the user's other MSN Messenger contacts in an unusual way that closely mimics how a real user would transfer files. The worm uses MSN Messenger to send a message saying something like "Check out what I found on the internet" and then sends itself to you as an executable file. It's trying to imitate the friend you have on your contact list. It also will steal passwords from a number of IM accounts and transmit those passwords to the author, thus giving them databases of hundreds or thousands of potential virus victims.
Other IM taglines the current version uses, according to the Symantec website (these may change as the virus mutates):
check out what I just found on some stupid website
dude check this out, it's awesome! :D
haha you have to see this, I almost couldn't believe it! :O
holy shit you have to see this... :|
I just found this on a CD... you won't believe it! :|
LOL! look at this, I can't explain it it in words..
naked lesbian twister
omg check this out, it's just wrong :O
ROFL!! you have to see this... wtf...
you have to see this, it freaked me out :S
you have to see this, it's amazing!
Threats that attempt to use instant messenger programs are on the rise. Last week some phishers were attempting to lure Yahoo Messenger service members to log into a fake Yahoo site with their name and password so it would get attacked. Remember that many young people use IM - it's become the communication vehicle of choice among teen and pre-teen kids. As such it's worth reviewing security protocols with your teenagers to let them know that IM can carry threats. Most IM programs allow you to set security settings to disallow file transfers - I'd recommend that on every IM program you can do this on.
This worm is unusual in that it mimics a real person. The original email virus comes looking like an email from security@ either Microsoft, Trend Micro or Symantec. None of these companies ever send out executables as email attachments.
What you should do
If possible, disable file transfer features of any IM program. If you get a request to transfer from a known source - continue the conversation, and verify that it is the person you believe it is, before accepting the file. If the transfer request follows the pattern of CHOD.B you should contact the IM person that sent it to you and let them know that their computer is infected. In this rare instance - the person who it APPEARS to come from probably IS the person it's coming from.
If infected, Symantec and Trend Micro have a cleanup protocol at the link below. You basically need to back out the various modifications the virus does to your system. Cleanup is a multi-step process but fairly easy compared to some viruses.
Be as suspicious of files transmitted to your machine via IM as you are of email attachments.
Further references
Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.chod.b@mm.html
Trend Micro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CHOD.B
This concludes this viruswarning notice.
Lee Drake
Aztek Computer Solutions, Inc.
274 N. Goodman St Suite B269
Rochester, NY 14607
the human side of computing
Email: ldrake@azcomputer.net
Web: www.azcomputer.net
Office Phone: 585-242-2060
Fax number: 585-242-9441