Kim wrote...

#Being asked the question and haven't seen anything recent. Have I just
#not been paying attention?

I think this is the one you want (the following is from a note I sent along
to one of our local mailing lists on the 24th):

!A new worm, W32.Mydoom.F@mm, rated by Symantec as a level 3 issue, is in
!circulation. If you haven't Live Updated since late yesterday, you may want
!to do so. You can read about this worm at:
!
!http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.f@private
!
!I mention this worm in particular because (according to Symantec):
!
!-- it randomly deletes .mdb, .doc, .xls, .sav, .jpg, .avi and .bmp files
!-- it dDoS's www.microsoft.com and www.ria.com
!-- it installs a backdoor proxy trojan allowing unauthorized remote access
!-- it ships as a .pif/.scr/.exe/.cmd/.com/.bat/etc.
!-- it uses a relatively large number of attachment names
!-- it uses a relatively large number of relatively "motivational" subjects
!-- it uses a variety of relatively common mail sender names (plus random
!   characters) from aol/msn/yahoo/hotmail/<random>.edu
!-- it takes active steps to terminate common antivirus programs
!-- it dredges a relatively wide variety of files for email addresses
!   (including .htm and .txt files, but also including .php, .pl, .vbs,
!   etc.) to which to mail itself

I would also note/mention Netsky.C (another Level 3 worm):

!Yet another category 3 worm in circulation... W32.Netsky.C@mm this time.
!
!F-Secure describes it as having been found Feb 25, 2004; Symantec
!claims they knew about it on Feb 24th. See
!
!   http://www.symantec.com/avcenter/venc/data/w32.netsky.c@private
!   http://www.f-secure.com/v-descs/netsky_c.shtml
!
!Some salient points:
!
!   -- be sure folks update their A/V definitions (yes, yet again)
!
!   -- because this worm propagates as a zip, it may NOT get defanged/filtered
!      on [some hosts]
!
!   -- there are some versions of Windows which may "help" by auto-unzipping
!      zipped attachments by default; depending on what you use for an email
!      client and operating system, you may want to beware
!
!   -- Netsky propagates by mail, and may also "spread through file-sharing
!      networks, Instant Messaging clients, Windows shared folders,
!      or any program that uses shared folders containing 'Shar.'"
!
!   -- it uses a comparatively wide range of social-engineered subject lines
!
!   -- it edits the Windows registry, apparently attempting to override
!      some earlier worm infestations (oh boy! New and Improved!)

Feel free to contact me if you have any questions,

Regards,

Joe St Sauver (joe@private)
University of Oregon Computing Center
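
The two attachment points in the notes above (executable extensions such as .pif/.scr, and a zip that passes a filter which only looks at the outer filename), shown as an added example that is not part of the original message. The function names and the sample message are constructed for illustration; the extension list is the one quoted in the note and is not exhaustive.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the note above; its "etc." means this list is incomplete.
RISKY_EXTS = (".pif", ".scr", ".exe", ".cmd", ".com", ".bat")

def is_risky(name):
    # Windows ignores trailing dots and spaces, so strip them before matching.
    return name.lower().rstrip(". ").endswith(RISKY_EXTS)

def risky_attachments(raw):
    """Return (attachment_name, zip_member_or_None) for each risky file found."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if is_risky(name):
            hits.append((name, None))
        # Detect zips by content, not by filename, then check member names.
        elif zipfile.is_zipfile(io.BytesIO(payload)):
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    hits.extend((name, i.filename) for i in zf.infolist() if is_risky(i.filename))
            except zipfile.BadZipFile:
                hits.append((name, "(unreadable zip)"))
    return hits

def build_sample():
    """Constructed test message: harmless bytes under executable-style names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.doc.scr", b"not a program")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="report.zip")
    msg.add_attachment("plain text", filename="notes.txt")
    msg.add_attachment(b"not a program", maintype="application", subtype="octet-stream", filename="photo.jpg.PIF")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in risky_attachments(build_sample()):
        print(attachment, "->", member or "(top-level attachment)")
```

A filter that matches only the outer filename would pass `report.zip` in this sample; reading the member names is what catches it.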
This archive was generated by hypermail 2b30 : Thu Feb 26 2004 - 12:44:04 PST