New Virus



Titans#1
23-11-05, 10:28 AM
A SCAM involving fake FBI or CIA emails had unleashed a computer virus that has spread rapidly worldwide, US officials and security experts said.

The FBI released a statement on its website noting the agency was not the source of the emails. But experts said that the virus was propagating because the authors made the message appear authentic.

The FBI statement said recipients of this or similar messages "should know that the FBI does not engage in the practice of sending unsolicited emails to the public in this manner".

The messages appeared to be sent from an email address such as mail@fbi.gov, post@fbi.gov, admin@fbi.gov or a similar address, and directed the recipient to open an attachment to answer a question. The opening of the file activated the virus and caused it to spread to others.

Internet security firm Sophos said similar emails appeared to come from the Central Intelligence Agency, but both contained a strain of the Sober virus that had been spreading worldwide. In a four-hour period yesterday, the worm "has accounted for over 61 per cent of all viruses reported to Sophos, making it currently the most prevalent virus spreading across the world", Graham Cluley, senior technology consultant at Sophos said.

"This variant of the Sober worm may catch out the unwary as they open their email inbox this morning.

"Every law abiding citizen wants to help the police with their enquiries, and some will panic that they might be being falsely accused of visiting illegal websites and want to click on the unsolicited e-mail attachment.

"All users should be reminded to follow safe computing guidelines, and PCs should be kept automatically updated with the latest anti-virus protection."

The email stated: "We have logged your IP-address on more than 30 illegal websites", and directed the recipient to open an attachment to respond to questions.

"The FBI takes this matter seriously and is investigating," the law enforcement agency said, urging those receiving emails of this nature to report it to the Internet Crime Complaint Center via http://www.ic3.gov/.

California-based firm PandaLabs said the virus quickly became the most prevalent spreading around the globe.

One reason for its success was that "this new variant uses social engineering techniques, tricking users into running files that contain the system code", PandaLabs said.

The virus used another trick: displaying a dialogue box saying that no viruses, Trojans or spyware were found, according to PandaLabs, even though the computer was left unprotected against future attacks.

Experts noted each infection caused a computer to send out new copies of the email to those in the computer's address book.

"The propagation capacity of Sober.AH means that every time there is a new infection, the chances of receiving an infected email increase exponentially," Luis Corrons, director of PandaLabs, said.

PandaLabs and others noted that some of the emails were being delivered in German to addresses in Europe, purportedly coming from the BKA, the German federal police.

The SANS Institute's Internet Storm Centre, an academic industry partnership, urged Internet users to exercise caution because anti-virus programs might not detect the latest versions of malicious programs.

"Antivirus software does not provide any reliable protection against current threats," SANS said. "Viruses like Sober tend to change every few hours well in advance of AV signature updates. The fact that an attachment did not get marked is no indication that it is harmless."

Titans#1
23-11-05, 10:32 AM
Please post any new virus you may know or hear about in this thread! We don't want members to catch this and not be able to log on to our fantastic forums!

Super Cronk
23-11-05, 10:59 AM
i got a friggin limewire worm that f**** up my registry's on my computer....im getting it fixed today hopefully....seriously do these people that make viruses etc feel proud for doing this ****?

Queenslander
23-11-05, 11:01 AM
i got a friggin limewire worm that f**** up my registry's on my computer....im getting it fixed today hopefully....seriously do these people that make viruses etc feel proud for doing this ****?

its a bunch of lonely nerds who hate the world; because the world hates them. They need to get a life :angry:

Titanium_BD1103
23-11-05, 11:07 AM
Did you really Super Cronk.. I use Limewire now.. I used to use Warez..but that stuffed my computer that I had to clean it.. so I use Limewire now.. may have to update the anti virus software again though it seems...

I agree these people are nerds who have no life and need to find something more constructive to do IMO... :(

Super Cronk
23-11-05, 11:47 AM
Did you really Super Cronk.. I use Limewire now.. I used to use Warez..but that stuffed my computer that I had to clean it.. so I use Limewire now.. may have to update the anti virus software again though it seems...

I agree these people are nerds who have no life and need to find something more constructive to do IMO... :(

yeah my brother downloaded something and bam ....you're best off ditching Limewire man...slows your computer down and you're at a big risk of getting a virus. i had up-to-date virus stuff yet this worm still got through...no more p2p for me :mine:

Teegy
23-11-05, 12:35 PM
These are the Latest Threats

11-22-05
W32.Mytob.MC@mm

11-22-05
Trojan.Danmec

11-21-05
W32.Mogi

11-21-05
SymbOS.Pbstealer.A

11-21-05
Trojan.Goldun.H

11-21-05
Bloodhound.Exploit.53

Dakink
23-11-05, 12:50 PM
Yea I steer clear of P2P as well - not worth the risk.

Super Cronk
23-11-05, 01:00 PM
Yea I steer clear of P2P as well - not worth the risk.

yeah ive had trouble with it in the past. But others in my family use it all the time. But now its gone....forever!

Titans#1
23-11-05, 01:16 PM
I just received this email from my internet provider (I think! LOL)


Dear Customers,

We have received a series of phone calls and support requests in regards to emails that "appear" to have been sent from MicroEd.

Example Wording:
- microed.com.au ID: youremail address
- Your Email Account is Suspended For Security Reasons
- We regret to inform you that your eBay account will be suspended
- We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

We can assure you that the emails have not come from MicroEd. Our investigations show that this is a templated email that is generated by the W32/Mytob-FK virus or similar.

In simple terms an infected computer has the ability to mass-mail those people in the address book, substituting the sender's address with another from the address book. The result is an email that appears to have come from MicroEd. There have been similar reports of emails coming from eBay, PayPal and Banks.

As of yesterday there is also a new FBI Hoax email being distributed via the Sober Virus.

- We remind customers to ensure that you protect yourself with AntiVirus software and ensure that the definitions are always up to date and delete any suspect emails.
- VSafe (free with your MicroEd account) is another way of stopping this type of threat reaching your computer.
- Be very wary of emails from eBay or your Bank. There are a lot of emails in circulation that claim to be from your bank, eBay or PayPal. 99.9% of these emails are fraudulent and are used as a means of obtaining your account details.

If you are interested in reading more about these threats please see the links below:
W32/Mytob Virus : http://www.sophos.com/virusinfo/analyses/w32mytobfk.html
W32/Mytob Virus : http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.BM
eBay / PayPal Hoax Emails : http://www.auctionbytes.com/cab/abu/y203/m10/abu0104/s04
Bank Hoax Emails : http://www.national.com.au/Internet_Banking/0,,59153,00.html
Bank Hoax Emails : http://www.stgeorge.com.au/int_bank/security/hoax_emails.asp?orc=personal
FBI / Sober Virus: http://www.hoax-slayer.com/fbi-virus-emails.html

If you have any questions then please feel free to contact us.

All the best
regards,
Glenn Challen
(Director)
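
The sender substitution described in the ISP notice above leaves traces in the message headers that a mail filter or help desk can check. The following is an added example, not part of the original thread or of MicroEd's notice; the sample message, the `*.example` addresses, the `support@microed.com.au` sender and the attachment name are constructed for illustration.

```python
import email
import os
import re
from email import policy
from email.utils import parseaddr

# Extensions often seen on mass-mailing worm attachments (illustrative list).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".zip"}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # 1. Header From (what the user sees) vs. envelope sender (Return-Path).
    #    A mismatch is a signal, not proof: mailing lists also cause it.
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        findings.append("envelope-mismatch")
    # 2. Did the receiving server record an SPF or DKIM pass?
    auth = str(msg.get("Authentication-Results", "")).lower()
    results = dict(re.findall(r"\b(spf|dkim)=(\w+)", auth))
    if "pass" not in results.values():
        findings.append("sender-not-authenticated")
    # 3. Attachments with executable or archive extensions.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name.lower())[1] in RISKY_EXT:
            findings.append("risky-attachment:" + name)
    return findings

# Constructed sample: From claims the ISP, envelope sender is someone else.
SAMPLE = """\
Return-Path: <someone@addressbook.example>
Authentication-Results: mx.isp.example; spf=fail smtp.mailfrom=addressbook.example
From: MicroEd Support <support@microed.com.au>
To: customer@isp.example
Subject: Your Email Account is Suspended For Security Reasons
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

more info is attached.
--BOUND
Content-Type: application/octet-stream; name="account-info.zip"
Content-Disposition: attachment; filename="account-info.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--BOUND--
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```
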

Super Cronk
23-11-05, 01:27 PM
hey guys...if you think maybe your anti virus or firewall is no good.....go here and you can download anti virus programs and firewalls for free. they are top notch programs.

http://forums.majorgeeks.com/showthread.php?t=44525
i wish i had followed this earlier.

Steelers
23-11-05, 08:04 PM
Just on LimeWire, I use it, and to make sure that I don't end up downloading a virus, I check a couple of things. The file type and the size. Once I have downloaded it, the first thing I do is scan it. This has worked for me for about a year :thumbsup:

Luke
26-11-05, 03:08 PM
i had 22 virus last week

In-Cyde #1
26-11-05, 05:32 PM
Here's another one to watch out for...............


Subject: Possible Fraud and Virus Attacks on Mobile Phones & House Phones!!!

Please be aware of the following:

If you receive a phone call on your mobile or house phone, from any person, saying that, he or she is a company engineer, or telling you that they're checking your mobile line, or land line, and you have to press #90 or #09 or any other number.

End this call immediately without pressing any numbers.

There is a fraud company using a device that once you press #90 or #09 they can access your "SIM" card & or home phone, and make calls at your expense.

All mobile users pay attention if you receive a phone call and your mobile phone displays (XALAN) on the screen don't answer the call, END THE CALL IMMEDIATELY, if you answer the call, your phone will be infected by a virus..
This virus will erase all IMEI and IMSI information from both your phone and your SIM card, which will make your phone unable to connect with the telephone network. You will have to buy a new phone.

This information has been confirmed by both Motorola and Nokia. There are over 3 Million mobile phones being infected by this virus in all around the world.

Teegy
26-11-05, 05:35 PM
Thanks for the warning Cyde.

Titans#1
26-11-05, 06:34 PM
Wow! I must admit though, I NEVER answer my mobile if I don't know the caller.

Thanks for the Info In-Cyde#1!

Queenslander
26-11-05, 06:36 PM
Thanks for the info! :thumbsup:

Titanium_BD1103
26-11-05, 07:50 PM
Thanks In-Cyde#1.. it has never happened so far.. and I wouldn't agree to do it unless they could prove to me they were the phone company, but still it is high chance it may occur.. so it is good to know.. that way my family and I are safe.. ;)

In-Cyde #1
30-11-05, 04:44 PM
LATEST VIRUSES

W32.Secefa.A
Formal Name: W32.Secefa.A
Discovered on: November 23, 2005
Description: W32.Secefa.A is a worm with back door capabilities that drops another threat onto the compromised computer.
Also Known As: W32.Secefa.A
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Trojan.Loader.D
Formal Name: Trojan.Loader.D
Discovered on: November 23, 2005
Description: Lodear.D is a Trojan horse that attempts to download remote files.
Also Known As: Win32.Glieder.{CF, CG, CH, CI, CJ} [Computer Associates], Bagle.{EO, EP, ES} [F-Secure], W32/Bagle.gen!7B14EBCA [McAfee], Mitglieder.GB [Panda], Troj/BagleDl-{AF, AH, AK} [Sophos], TROJ_BAGLE.AH [Trend Micro]
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003
W32.Sober.X@mm
Formal Name: W32.Sober.X@mm
Discovered on: November 19, 2005
Description: W32.Sober.X@mm is a mass-mailing worm that uses its own SMTP engine to spread and lowers security settings. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.
Also Known As: CME-681, WORM_SOBER.AG [Trend Micro], W32/Sober-{X, Z} [Sophos], Win32.Sober.W [Computer Associates], Sober.Y [F-Secure], W32/Sober@MM!M681 [McAfee], W32/Sober.AA@mm [Norman]
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Titanium_BD1103
30-11-05, 04:55 PM
I have W32 viruses.. darn computer now has to get rid of them.. lucky for the virus scanner..hope it does the job...:D :D

Thanks for that In-cyde#1 I at least know what they are doing and now I know how to stop them too... good work.. :)

In-Cyde #1
01-12-05, 07:04 PM
A quick plug for my internet provider - TPG.

I received this today.

--------------------------------------------------------------------------------

Dear TPG Customer,

Within the last two weeks, TPG's virus protection software has prevented 6 viruses from being delivered to your mailbox.

We are pleased to offer this free service to all of our customers as part of a continued effort to provide you with a secure, productive and virus free Internet environment.


Top viruses prevented for you

--------------------------------------------------------------------------------

Email-Worm.Win32.Sober.y 6


This filtering comes under TPG's Terms and Conditions.

Kind Regards,

TPG Internet
Ph: 1300 360 855
www.tpg.com.au

Super Cronk
09-12-05, 08:44 AM
This isnt a virus but it is a scam.

If you receive an email from:


service@email.paypal.com

Asking you to confirm or update your paypal details. DON'T USE IT. It sends you to a fake site, where if you enter your paypal details they will then be stolen.

In-Cyde #1
23-12-05, 07:32 PM
WORST VIRUS EVER ---CNN ANNOUNCED.

A new virus has just been discovered that has been classified by Microsoft as the most destructive ever. This virus was discovered by McAfee and no vaccine has yet been developed. This virus simply destroys Sector Zero from the hard disk, where vital information for its functioning are stored.

This virus acts in the following manner:

It sends itself automatically to all contacts on your list with the title:

"A Card for You".


As soon as the supposed virtual card is opened the computer freezes so that the user has to reboot. When the ctrl+alt+del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk. In just a few hours this virus caused panic in New York, according to news broadcast by CNN.


This alert was received by an employee of Microsoft itself.

So don't open any mails with subject: "A Virtual Card for You." As soon as you get the mail, delete it!!

Even if you know the sender !!!

Titans#1
03-02-06, 10:59 AM
COMPUTER users were being urged to kill a malicious "old school" software worm poised to destroy their files.

Referred to by a host of names including "Kama Sutra", "Grew", and "Blackworm", the malware virus has bored into countless computers worldwide and is reportedly programmed to come to life after the clocks signal the start of Friday.
"Make sure you scan today, don't wait to find out if you've been infected," warned computer virus expert David Perry of Tokyo-based Internet security firm Trend Micro.

"This is flat-out malicious, destroying files."

The company was providing free real-time virus scans called "Housecall" at its website, trendmicro.com.

The worm traveled the Internet in emails and got into computers when recipients clicked on unsolicited messages bearing sender names such as crazygirl, badboy, wizzard, and sometimes promising sexy content.

The worm was given a trigger date of today to allow time for it to spread undetected, Perry said.
"Once it starts destroying files, people will hunt it down and kill it," Perry said.

"I don't expect we will hear of mass destruction for this, because we got notice early in the game."

News of a new virus threat often correlates with a spike in infections, evidently because people check their computers and click on the item to see what it will do, according to experts.

"Most of what people know about viruses doesn't come from science, but from movies or fiction," Perry said.

"People seem to think there will be an animated cookie monster."

"In reality, what it will do is wipe out files. Worse, it overwrites them and that will corrupt the back-up system as well."

People can open any document file to check whether their computer was attacked by the worm, according to experts. If the worm came to life in their system, they will find gibberish in what were formerly text files, Perry said.

"We will see Friday how many people report it," Perry said.

"People rarely report in when they miss the boat and get infected."

An atlas of infections reported by visitors to Micro Trend's website showed more viruses uncovered in India than in the United States.

"There is a whole virus underground out there," Perry said. "They critique each others' work."

Internet security experts advised computer users to keep updated anti-virus software running on their systems.

The Kama Sutra worm was a "feature-rich virus" that also spread by floppy disks or network sharing, and which was designed to sabotage anti-virus software on computers, Perry said.

"This virus contains stealth technology to knock out your anti-virus software," Perry said. "It goes out and defeats them."

That was why Micro Trend provided live online scans for the worm, according to Perry.

Virus fighters at the company reportedly sort through an average of 1300 new forms of malware monthly.

scan today people!!!

Kronos
04-02-06, 08:58 PM
Just buy a MAC........ problem solved :)

Super Cronk
20-02-06, 09:19 AM
A mate of mine was on msn and he had a message appear that says: **I HAVE ADDED STARS TO THE URL, SO DONT GO TO IT!!!!**

"Hey you can see who's blocking you on MSN! Download it now http:**//www.block-checker.com"

He said he downloaded the block checker from that site, then i searched google and found out its actually a virus. Im not sure what it does...but it isnt a very nice one sposedly, as the anti virus programs dont pick it up.

Dakink
20-02-06, 01:47 PM
Just buy a MAC........ problem solved :)


No thanks ;-)