Internet Alerts & Help (Virus/Worm/Etc)

[TJ]

In This Thread
Put ANY Serious

INTERNET ALERTS
HELP TOOLS/INFO SITES...

Such As;

Virus, Worm, Warnings, Etc...

I WILL DELETE ANY
NON-SERIOUS WARNINGS !
Thanks, TJ

[TJ]

This Was Sent To Me By A Friend In North Dakota, USA Tonight...Important To Pass On! Especially To Member YATA!



Sent: Tuesday, January 20, 2004 11:55 AM
Subject: WARNING FROM THE STATE POLICE PLEASE READ THIS


WARNING FROM THE STATE POLICE PLEASE READ THIS!


I Subject: WARNING From STATE POLICE ........USA (not a joke) State police warning for online: Please read this "very carefully"...then send it out to all the people online that you know. Something like this is nothing to take casually; this is something you DO want to pay attention to. Think ofit as a bit of advice too. If a person
with the screen-name of Monkeyman935 contacts you, do not reply. Do not talk to this person; do not answer any of his/her instant Messages or e-mail. Whoever this person may be, he/she is a suspect for murder in the death of 56 women (so far) contacted through the internet.

Please send this to all the women on your buddy list and ask them to pass this on, as well. This screen-name was se en on Yahoo, AOL, AIM, and Excite, so far.

This is not a joke! Please send this to men too...just in case! Send to everyone you know! Ladies, this is serious.


Jennifer S. Faulkner Education/Information Specialist Roanoke
Fire-EMS
541 Luck Avenue, Suite 120 Roanoke, VA 24016
(540) 853-2257 (phone)
(540) 853-1172 (fax)

[TJ]

This Was Sent To Me By Member DEX Tonight Also...Thought This Was Important Enough To Pass Along To Everyone As Well



Computer users are being warned about a new virus which has spread at "an alarming rate".

Internet security firm MessageLabs says it has detected more than 70,000 copies of the W32/Bagle-mm virus in the past 24 hours.


The computer virus, or worm, which also appears as W32.Beagle.A@mm, is contained in infected emails as an attachment.

The aim of the worm is to spread further by looking for new email addresses in the infected computer, such as in the user's list of contacts.

Experts at MessageLabs say it appears the worm is also programmed to send details about all infected computers to website addresses in Germany, though the sites do not yet appear to be up and running.

Paul Wood, chief information security analyst at the firm, said: "We have seen over 73,000 copies of Bagle, and this number is rising at an alarming rate."

Infected emails include a file attachment ending .exe and the word "hi" in the subject line. The message contains the word "test" followed by the symbol =).


Stay Safe. TC!!!

[Mac]

Damn those people who do this.
Can't they just have a life?

[TJ]

I Got MASSIVE VIRUS This Past Weekend...It Came As A Name I Thought I Knew But With FUCKENSUICIDE@hotmail.com Which Is Not Applicable...Main Subject Area = From: Elene (Name Can Change) Subject: (Fwd: Important Information Read!!!)

Then Cos It Came In Outlook It Was Already Highlighted & Opened But Not The Attached File...It Had A Huge Red HI & Here's The Photo You Asked Me To Send You Yesterday!

It Was Hidden As A Zip File Called MyPhoto.zip But It Was A Hidden .exe (Executable File)...Anyhow, I Virus Scanned This Before Opening It With Norton's Anti-Virus & It Said " NO VIRUS" So, I Thought I Wasn't Doing Something Right On Getting This Zip File To Open...I Was On Phone With Friend, She Says; Fwd It To My Outlook, Tried 3x's Didn't Go To That One...So, It Finally Went Through To The Hotmail Account...SCAREY Cos I Know An Elene As The Bloody Name That Was Used In This Virus...After Deleting It Out Of My Mailbox, Etc...It Kept Remailing Itself To My Addy & Kept Mass Mailing From It...I Blocked The Name BUT It Was Already Too Late & I Should've Shut Down System IMMEDIATELY & CALLED MY INTERNET PROVIDER! Little Things We Think We Can Always Fix Doesn't Sometimes. We Ended Up Deleting, Scanning, Etc But While Doing This It Kept Mass Mailing ALL NIGHT To Other Unweary People ! Anyhow, It Put's Itself Into Your Startup & There's NO WAY For You To Get It Out Without The Proper Software. We Had To Format Our HD & Well We've Never Done This Before On Our Own So IT WAS HELL! We Have To Do It Again Cos We Ran It Doubled ! Thank God For 2 Puters In House ! Or I Wouldn't Be Able To Look At How That One Was Setup! I Am About To Lose It By Swearing So I'll Just Let My Buddy Here Do It ... !

Here's What I Got...But I Will Post After That With A Site For All Of You Weary People To Be PUTER SAFE/AWARE!!!

I-Worm/Bagle
This worm spreads by emails as a message attachment.

Installation:
When the worm is launched it checks actual date and if is the date later then January 28th 2004 it do nothing. In other case virus copies itself as bbeagle.exe to System directory and registers itself as d3dupdate.exe in Run key in Windows Registry. Then it launches calc.exe too.

Spreading: e-mail
Worm spreads by sending itself to e-mail addresses that are taken from files with WAB, TXT, HTM and HTML extension, sender address is faked.
Message format is as following:
Subject:
Hi

Body:
Test =)
--
Test, yep.


Attachment name is random.

Backdoor:
Virus is listening and waiting for commands on port 6777. Virus also tries download the file from web pages coded in virus body, but this pages aren`t accessible at this time.

[TJ]

Here's The Site I Was Telling You About...

Remember, Sometimes Your Greatest Updated Virus Scanner's Won't Pick Up New Virus's/Worm's!!!
And The Subject Area Can Mean Both...BASICALLY, NOT SURE WHO THE MAIL WAS FROM AT ALL...DO NOT OPEN IT OR THE ATTACHMENT JUST DELETE IT & BLOCK THAT SENDER! BETTER TO BE SAFE THAN SORRY!!!

www.grisoft.com/us/us_vir_tt.php#2

[TJ]

Ok, Update On Which Actual Virus Me & Grimsgirl Got Over The Weekend. Which Btw, Doesn't Affect People In Our Address Book...It Just Sent Out Mails Randomly Through Our Server...

We Had The I-Worm/Dumaru (Virus/Worm)
Which I'll Post More Info In Next Post About...

Note: Read The Latest Forms Of Both The;

I-Worm/Bagle
&
I-Worm/Dumaru

In That Link In My Last Post Cos The Info Is Crucial & The Virus's/Worm Has Formed Into Other Versions, Stronger & Newer Backdoors...

The I-Worm/Dumaru (Prounounced Dumb Are You ) Info I Will Make Easier For Info In Next Post & Also The Latest Version Of The Worm...Thanks TJ ...

THE REASON I WANT EVERYONE THAT EITHER VISITS MY SITE TO BE INTERNET AWARE OR JUST SIMPLY MEMBERS AWARE OF THE VIRUS THAT'S TAKING SOAR!

This Is A Very Helpful Link
Taken From Microsoft.com Site Also...

www.microsoft.com/security/articles/remedies_viruses.asp

[TJ]

Here's The New Variant Info About I-Worm/Dumaru

I-Worm/Dumaru
This worm spreads by e-mails as a message attachment.

Installation:
When the worm is launched it copies itself to Windows and System diretcory and registers itself in Run and HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon key in Windows registry..

Spreading: e-mail
Worm spreads by sending itself to e-mail addresses that are taken from files with WAB, DBX, HTM and HTML extension. Sender address is fake and is changed to security@microsoft.com.

Message subject is as following:
Use this patch immediately !


Message attachment name is:
patch.exe

Worm also drops component that stores passwords used on infected computer. This component is detected as I-Worm/Dumaru too.

[TJ]

This Is Where I Found The Most Informative Site About This Worm/Virus...

www.symantec.com/

This Next Link Is For Viruses You May Have & The Tools To Fix Them...Read Them All As You Might Pick The Wrong One To Download As We Did...

securityresponse.symantec.com/avcenter/tools.list.html

This Next Link Is The Downloads To Get Rid Of The Dumaru Worm & The Newer Variants Coming Out Yesterday, etc...

securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.y@mm.html

I Sure Hope No One Gets ANY Of These Worms/Viruses & Hopefully Any Of This Info Will Help You! If You Have A Printer...Print This Page As You May Only Have One Computer To Look Back At All This Info/Links !

[TJ]

Indepth: Internet
A COMPUTING CAN OF WORMS
John Bowman,
CBC News Online | Jan. 27, 2004

People use e-mail more than any other application on the internet, but it can be a frustrating experience, with spam and especially e-mail worms filling our inboxes.

Worms can spread rapidly over computer networks, the traffic they create bringing those networks to a crawl. And worms can cause other damage, such as allowing unauthorized access to a computer network, or deleting or copying files.

WHAT'S A WORM?

A worm is a computer virus designed to copy itself, usually in large numbers, by using e-mail or other form of software to spread itself over an internal network or through the internet.

HOW DO THEY SPREAD?

When you receive a worm over e-mail, it will be in the form of an attachment, represented in most e-mail programs as a paper clip. The attachment could claim to be anything from a Microsoft Word document to a picture of tennis star Anna Kournikova (such a worm spread quickly in February 2001).

If you click on the attachment to open it, you'll activate the worm, but in some versions of Microsoft Outlook, you don't even have to click on the attachment to activate it if you have the program preview plane activated. Microsoft has released security patches that correct this problem, but not everyone keeps their computer up to date with the latest patches.

After it's activated, the worm will go searching for a new list of e-mail addresses to send itself to. It will go through files on your computer, such as your e-mail program's address book and web pages you've recently looked at, to find them.

Once it has its list it will send e-mails to all the addresses it found, including a copy of the worm as an attachment, and the cycle starts again. Some worms will use your e-mail program to spread themselves through e-mail, but many worms include a mail server within their code, so your e-mail program doesn't even have to be open for the worm to spread.

Other worms can use multiple methods of spreading. The MyDoom worm, which started spreading in January 2004, attempted to copy infected files into the folder used by Kazaa, a file-sharing program. The Nimda worm, from September 2001, was a hybrid that had four different ways of spreading.

WHAT DO THEY DO?

Most of the damage that worms do is the result of the traffic they create when they're spreading. They clog e-mail servers and can bring other internet applications to a crawl.

But worms will also do other damage to computer systems if they aren't cleaned up right away. The damage they do, known as the payload, varies from one worm to the next.

The MyDoom worm was typical of recent worms. It opened a back door into the infected computer network that could allow unauthorized access to the system. It was also programmed to launch an attack against a specific website by sending thousands of requests to the site in an attempt to overwhelm it.

The target of MyDoom's attack is the website of SCO Group Inc., a company that threatened to sue users of the Linux operating system, claiming that its authors used portions of SCO's proprietary code.

The SirCam worm, which spread during the summer of 2001, disguised itself by copying its code into a Microsoft Word or Excel document and using it as the attachment. That meant that potentially private or sensitive documents were being sent over the internet.

HOW DO I GET RID OF THEM?

The best way to avoid the effects of worms is to be careful when reading e-mail. If you use Microsoft Outlook, get the most recent security updates from the Microsoft website and turn off the preview plane, just to be safe.

Never open attachments you aren't expecting to receive, even if they appear to be coming from a friend. Be especially cautious with attachments that end with .bat, .cmd, .exe, .pif, .scr, .vbs or .zip, or that have double endings. (The file attachment that spread the Anna Kournikova worm was AnnaKournikova.jpg.vbs.)

Also, install anti-virus software and keep it up to date with downloads from the software maker's website. The updates are usually automatic.

Users also need to be wary of e-mails claiming to have cures for e-mail worms and viruses. Many of them are hoaxes that instruct you to delete important system files, and some carry worms and viruses themselves.

As well, some users should consider using a computer with an operating system other than Windows, the target of most e-mail worms. Most of the worms don't affect computers that run Macintosh or Linux operating systems.

[jaz]

By the way - in case you don't have a virus detector, you can freely get your pc checked through this website: housecall.trendmicro.com/housecall/start_corp.asp

When you go to this site, it will automatically install its program so that it can perform the check.

[TJ]

Check Out The Latest Worm Called MyDoom At This Site For Up2Date Info/Help/Etc...

www.trendmicro.com/en/home/us/enterprise.htm

Also If Anyone Finds Any Better Sites/Solutions Let Us Know By Replying Thanks TJ

[TJ]

VIRUS ALERTS UPDATES/INFO

www.trendmicro.com/vinfo/

[jaz]

Mac said:

Damn those people who do this.
Can't they just have a life?

They do...it's called being losers and destroying other people's stuff!

[jaz]

What is the Security Threat?

Name: W32.MyDoom.O@MM

The Mydoom.O worm spreads via e-mail messages, peer-to-peer file sharing programs (P2P) and/or search engines such as google.com, altavista.com, search.yahoo.com, search.lycos.com

This virus is also known as:
W32/Mydoom.O@mm,W32/Mydoom.o@MM , W32 Mydoom.M@mm , W32/MyDoom-O , WORM_MYDOOM.M ,
Win32.Mydoom.O Virus Type: worm
Discovery Date: July 26, 2004
Level Threat: HIGH as of July 27, 2004

Which Operating Systems Are Vulnerable? All Windows systems.

How does this virus affect your computer? This worm, which spreads rapidly, contains links to several different search engines and attempts to use them to harvest email addresses. The worm then sends emails with attachments to the email addresses it has harvested. The email contains a fake "From" address and the subject line and message text will vary. Attachment names will also vary. The attachments, if opened, contain a worm that installs in computers and opens a port which is like a backdoor into your computer.

This allows hackers to remotely access the affected computer and obtain confidential information stored on your computer or impede normal computer functions.

What should you do if you are affected by this virus? Purchase and scan your computer immediately with an anti-virus product or bring your computer to a qualified repair centre.
Staples/Business Depot (URL www.staples.ca/) or MDG (URL:
www.mdg.ca/) and they will clean your computer for you.

How can you protect your computer? Activate a firewall security service and make sure you have the latest virus definition file updated on virus protection software.
How can I tell if I have this virus? If you receive e-mails with the following information and have opened an unknown attachment, your computer may be affected by this virus. Below is a sample of various subject lines, message text and attachment names that have been attributed to the Mydoom.0 worm.


Email Subject Lines
The subject line may be blank or one of the following:
Hello, hi, error, status, test, report, delivery failed, Message could not be delivered, Mail System Error - Returned Mail, Delivery reports about your e-mail, Returned mail: see transcript for details, Returned mail: Data format error

Email Message Text
The message text of the email is blank or contains text similar to one of the following messages:
Dear user of < domain>
Mail server administrator of < domain> would like to inform you that
We have detected that your e-mail account &.ect&
Email File Attachment Names
readme, instruction, transcript, mail, letter, file, text, attachment, document, message with an optional extension of DOC, TXT, HTM, HTML and a final extension of EXE, COM, BAT, CMD, SCR or PIF.

The attached file may also be a zip file containing a file named as described above.

To get virus and hacker protection now, visit:
www.netservices.sympatico.ca/

[TJ]

Got this one from a friend a few days ago via Email....

Thought you'd all like to know!

-------------------------------------------------------------------

----- Original Message -----
From: Tina
To: Undisclosed Recipients
Sent: Tuesday, November 01, 2005 7:37 PM


Both Snopes.com and Truthorfiction.com have this as a legitimate warning. Two versions are making the rounds, one Osama Hanged, the other, Osama Captured. Do not go to the web site listed in these emails.

ACTUAL VIRUS

THIS IS TRUE, CONFIRMED BY GOING TO SNOPES.COM OR TRUTHORFICTION.COM

You can check it out before you go any further at:

www.snopes.com/computer/virus/osamahanged.asp

or

www.truthorfiction.com/rumors/o/osama.htm


Emails claiming to show pictures of Osama Bin-Laden hanged are being sent and the moment that you open these emails your computer will crash and you will not be able to fix it!

This e-mail is being distributed through countries around the globe, but mainly in the US and Israel.

Don't be inconsiderate; send this warning to whomever you know.

If you get an email along the lines of " Osama bin Laden Captured " or " Osama Hanged " don't open the attachment.

Origins: There are few headlines that would grab the attention of more computer users around the world than "Osama bin Laden Captured," and that's exactly what whoever created this lure was counting on to snare unsuspecting victims who use Microsoft platforms.

" Osama bin Laden Captured " isn't a virus in itself; it's the text of a message that includes a link to a file called EXPLOIT.EXE. When a message recipient clicks on this link to view what he thinks are pictures of Osama bin Laden's capture, he can end up downloading an executable Trojan known as Backdoor-AZU, BKDR_LARSLP.A, Download. Trojan, TrojanProxy.Win32.Small.b,or Win32.Slarp. Clicking the embedded link in the "Osama bin Laden Captured" message auto-executes a file called "EXPLOIT.EXE," which exploits a known security hole to download the Trojan. According to McAfee Security:

The Trojan opens a random port on the victim's machine. It sends the Port information to a webpage at IP address 66.139.77.145. The Trojan listens on the open port for instructions and redirects traffic to other IP addresses. Spammers and hackers can take advantage of compromised systems by using the infected computer as a middleman, allowing them to pass information through it and remain anonymous.

[TJ]

READ UP ON LATEST WORM
FOR ALL USERS WITH EMAILS ...

Set to hit hard on Feb. 3, 2006
&
Every 3rd of the month...

'Kama Sutra' worm

news.zdnet.com/2100-1009_22-6030129.html

Check Other Sites To Read Up
On This Newest Worm!