ATT: Mother and all

I've just received a mail containing a zip which contains an exe called shower.exe, supposedly from snipped-for-privacy@101fc.com.

I don't for one minute assume it is Martin, which means either it's a harvest or worse, it's someone trying to be bad.

Cheers

Paul

Reply to
Megalowmania

No, the subject was "unknown". Just thought I would give a heads up to all those using Windoze.

Cheers

Paul

Reply to
Megalowmania

Was it called "something about you"? If so, I've just had a couple through which weren't picked up by my virus checker. New virus?

David

Reply to
David French

Oh, in that case it probably is Martin having a mid week chuckle {:-)

Cheers

Paul

Reply to
Megalowmania

I've now had it 5 times in the last 10 mins and Norton isn't picking it up. A different subject/content each time. Doesn't seem to match the virus knowledge bases so maybe it's a new one.

D
Reply to
David French

... and neither is Grisoft AVG. So much for protection... I guess it's got to me before it's got to them.

Reply to
David French

Here you go. At least somebody's on to it.

From: Clearswift Threat Lab [mailto: snipped-for-privacy@lists.mimesweeper.com]
Sent: 18 February 2004 14:37
To: Threat Lab News
Subject: [threatnews] W32.Netsky.B Worm Alert

Dear Subscriber

Aliases: W32/Netsky-B, W32/Netsky.b@MM, WORM_NETSKY.B, I-Worm.Moodown.B

Description of Incident

A new mass-mailing worm has appeared in moderate-large numbers. It copies itself as either a zip archive or an executable file. When as a zip the user has to unzip and run the executable.

Subject: Randomly chosen from:

unknown fake stolen information warning something for you read it immediately hello

Message body: Randomly chosen from:

something is fool something is going wrong you are bad you try to steal you feel the same you earn money thats wrong why? take it easy reply do you? that's funny here, the cheats here, the introduction here, the serials from the chatter about me information about you something is going wrong! stuff about you? greetings see you here it is that is bad yes, really? i found this document about you your name is wrong i hope it is not true! kill the writer of this document! something about you! I have your password! you are a bad writer is that from you? i wait for a reply! is that your account? is that your name? is that true? here my hero read it immediately! here is the document. read the details. i'm waiting what does it mean? anything ok?

Attachment: One of the following file names with a double extension

misc party disco part2 mail2 object ranking dinner release final location jokes friend website mails story found nomoney aboutyou shower topseller product swimmingpool bill note concert textfile posting stuff attachment details creditcard message talk document unknown fake stolen information warning something for you read it immediately hello

First extensions are: .txt .rtf .doc .htm

For the second extension the worm uses the following:

.exe .scr .com

Severity: Medium
Incidence: Medium
Potential impact: High

Avoidance Action:

(1) Block on executable file types of .EXE (and as a matter of routine, .COM, .PIF, .SCR and .BAT), using the filename blocker and/or the data type manager.

(2) Apply antivirus signature updates as and when available.

Reference Links:

N.B. If your mail client extends any of the following URLs over a single line, cut and paste the entire address (within the angle brackets) into your browser.

Antivirus Descriptions:

Pete Simpson ThreatLab Manager

Reply to
David French
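
The blocking advice in the alert above, applied to attachment names and to the names of files inside a zip, as an added example (not part of the thread and not Clearswift's filter). The function names and the sample zip are constructed for illustration; the extension lists are the ones the alert gives.

```python
import io
import zipfile

# Final extensions the alert says to block, and the decoy first extensions it lists.
BLOCKED = {".exe", ".com", ".pif", ".scr", ".bat"}
DECOY = {".txt", ".rtf", ".doc", ".htm"}

def classify_name(filename):
    """Return 'double-extension', 'executable' or None for one file name."""
    # Drop any path, trailing dots/spaces and padding spaces around the dots.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in BLOCKED:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY:
        return "double-extension"
    return "executable"

def scan_attachment(filename, data):
    """Check an attachment name and, if the data is a zip, every member name."""
    findings = []
    verdict = classify_name(filename)
    if verdict:
        findings.append((filename, verdict))
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        try:
            with zipfile.ZipFile(buf) as zf:
                for member in zf.namelist():
                    verdict = classify_name(member)
                    if verdict:
                        findings.append((f"{filename}!{member}", verdict))
        except zipfile.BadZipFile:
            findings.append((filename, "unreadable-zip"))
    return findings

def make_sample_zip(member_name):
    """Build a constructed in-memory zip holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real program")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_attachment("shower.zip", make_sample_zip("shower.exe")))
```

Only names are inspected, so this catches the zip-wrapped case from the first post without depending on an antivirus signature being available yet.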

Just been reading about it on the McAfee site, W32/Netsky.a@MM came out on the 16th Feb and W32/Netsky.b@MM came out today, the 18th. I presume that's what the auto-update was for this morning.

Reply to
Bob Hobden

There are a number of worms - a couple of which are only days old, which when AFFECTING A MACHINE WILL SEND THEMSELVES TO EVERYBODY LISTED IN THE 'ADDRESS BOOK' ON THAT MACHINE, THEN PICK ONE OF THOSE ADDRESSES AT RANDOM TO SEND ITSELF 'FROM'. It's important to recognise when this is happening and it really doesn't help when automated virus scanners send 'you've got a virus' messages to the (faked) sender.

These worms are why many will find their inbox flooded with 'undeliverable' messages.

Also worth noting that these worms infect Windoze machines, and most commonly Outlook (spit) / Outlook Express (spit puke). As I use neither I don't generally tend to worry about these kind of things...

Reply to
Mother

Had a warning from Symantec about this one this very morning. Norton included it in their database a few days ago, apparently. If you use NAV and have an update from 12th Feb (or later) then you should be protected ;-)

HTH Regards Steve G

Reply to
SteveG

You and me both then.

Cheers

Paul

Reply to
Megalowmania

On or around Thu, 19 Feb 2004 00:26:52 GMT, SteveG enlightened us thusly:

that reminds me, auto-update on my AV failed last night 'cos the internet connection had died... sounds like I'd better do it manually.

Reply to
Austin Shackles

It's a good idea to double check manually anyway. AV vendors understandably see a huge surge of downloads whenever a new virus is announced and consequently bandwidth and servers tend to be found lacking at times.

Reply to
Mother

If you have Windows then you automatically have OE which makes you vulnerable even if you don't use it. You can uninstall it manually or use the free software from

formatting link

A

Reply to
Adam Swire

Erm, s'uze me for saying, but that's total bollocks.

Reply to
Mother

Just received another email from Symantec - they've raised the threat level on this virus to 4 (on a scale of 1 - 5) due to its propensity and number of reports they're getting from users.

Regards Steve G

Reply to
SteveG

Snap. Well, I use Windoze, but not OE or IE. Funnily enough I have been completely unaffected by the recent spate of viruses.

Come to think of it, I've only managed to get 3 viruses in the last 10 years

Alex

Reply to
Alex

Well, if you don't use it and there's no addresses in the address book, and no POP/SMTP server configured in it, then any virus that tries to use it won't get very far anyway, will it?

Alex

Reply to
Alex

I thought it was always in the default installation ?

Steve

Reply to
Steve

Don't tell me, two were sorted with some cream but mudpluggeritis is harder to shift ?

{;-)

Cheers

Paul

Reply to
Megalowmania
