  1. #1
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    This one has been doing the rounds since Sunday but is now generating more virus-infected emails than Klez (i.e. it's the number 1 virus of the moment).

    It can spread through unpatched versions of Outlook Express and IE *without* you having to open the attachment (it uses the IFRAME vulnerability).

    So, make sure your patches are up-to-date from Microsoft Windows Update and upgrade your anti-virus scanners.

    For more information see McAfee and F-Secure.

    BUT what's really NASTY is the HEADERS on the mail messages.. they look like they're aimed at webmasters and affiliate marketers, for example:

    25 merchants and rising
    Announcement
    I need help about script!!!
    Market Update Report
    Membership Confirmation
    My eBay ads
    Payment notices
    Please Help...
    Re: $150 FREE Bonus!
    Report
    SCAM alert!!!
    Stats
    Tools For Your Online Business
    Your News Alert

    Evil, huh?

    My name is Dynamoo

  2. #2
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Moo,

    It paid me a visit this morning. Norton caught it. In your reading did you see anything where it forges the return addresses like Klez does? The one I got came from an addy that had affiliate something in the return address. And the subject line was about joining an affiliate program. I can't remember exactly now and I deleted it immediately.

    What's really nasty is that it allows a back door into your system and monitoring of such things as keystrokes. Plus all the usual email worm things.

    The people who start these things should be strung up by...well....their you know whats!

    I'm still going to do a full system virus scan this evening though. You sure your system is clean considering those spams you've been getting? I should go check and see when this bugger got tagged and into the virus data files.

    Keep Your Hands Off My Cookies

  3. #3
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Norton says they picked it up on Sept 30th. It's also the day LiveUpdate ran. Glad it didn't run on the 29th.

    Keep Your Hands Off My Cookies

  4. #4
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Yes, it fakes the sender name like Klez does.

    It also sends out network probes scanning for vulnerabilities on port 137 (NetBIOS). It looks to me like it tries the local subnet first (like Code Red). I'm getting about one probe every 2 minutes right now and it's getting worse.

    F-Secure have categorised this as a Level 1 incident, which is as serious as it gets, but CERT hasn't issued an advisory yet, and the Internet Storm Center is still showing an InfoCon of green, but I think that will change.

    My name is Dynamoo
