>>>>>> cw [mailto:cwat_private] >>>>> : > Hi there folks, > Twice in the past hour I have been messaged by two separate people on > UnderNet. > Two separate people ? Are you sure ? > The message goes: > > !Notice!: A Recent Port Scan on your Computer reveals that Port 1800 > is in open state. This usually means that you have been infected with > an IRC Worm Virus. Please download the cleaner at: > http://www.No-Hack.Us/Fixes/Worm1800.exe to remove the virus from > your system. If you do not comply with this rule within 30 minutes, > our client monitor will ban you from this network. -Thanks For > Understanding. UNDERNet Exploit Team > Don't do that ! 1- Verify if your port 1800 is actually open. If yes, ask yourself "Why" ? There is no evidence at this step that it's due to an IRC Worm. 2- http://www.No-Hack.Us/Fixes/Worm1800.exe is probably the worm itself. 3- There is no reason for your ISP to ban you from the Web. The mails you received sound like a social engineering way to constrain you to actually install the worm on your computer instead of to protect your machine against the worm. Jean-Luc Cavey National AntiVirus Specialist KPMG France Office : +33 (0) 1 46 39 46 21 Home : +33 1 45 43 45 62 Mobile : +33 (0) 6 15 93 77 96 E-Mail : NAVSat_private ================================ La presence de ce texte prouve que ce message electronique a ete verifie par un logiciel anti-virus à jour au moment de l'envoi. The presence of this text proves that this e-mail has been verified by an up-to-date anti-virus software at the time of the sending. ================================ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 14:15:00 PDT