Odie

Important Information on Computer Viruses


From time to time I get information about new computer viruses. Whenever I get e-mails about new viruses I will pass them along to everyone here.

Please read the following and understand, that as we increase the use of computer technology, there are people in the world that will exploit its use. Please be careful with your computer systems whether at work or at home. Below is a list of some of the major threats that we are facing today.

W32.Dumaru.AI is a Trojan horse that attempts to steal information from an infected computer.

Type: Trojan Horse

Infection Length: 53,248 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

W32.HLLW.Gearbug@mm is a simple mass-mailing worm that sends itself to all the addresses in the Microsoft Outlook Address Book. The email has the following characteristics:

Subject: Security Update

Attachment: ElimB.exe

Also Known As: Bloodhound.W32.VBWORM, I-Worm.generic [Kaspersky], W32/Generic.a@MM [McAfee]

Type: Worm

Infection Length: 32,768 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

Backdoor.IRC.Aladinz.P is a backdoor Trojan horse that uses malicious mIRC scripts. This Trojan allows an attacker to access your computer. By default the Trojan listens on TCP port 2688.

Variants: Backdoor.IRC.Aladinz

Type: Trojan Horse

Infection Length: Varies

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX

W32.HLLW.Donk.M is a network-aware worm. It attempts to connect to a predetermined IRC server to get instructions from the attacker.

Type: Worm

Infection Length: 50,688 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Systems Not Affected: DOS, Linux, Macintosh, Microsoft IIS, UNIX

W32.Welchia.B.Worm is a variant of W32.Welchia.Worm. If the operating system of the infected machine is Chinese (Simplified), Chinese (Traditional), Korean, or English, the worm will attempt to download the Microsoft Workstation Service Buffer Overrun and Microsoft Messenger Service Buffer Overrun patches from the Microsoft® Windows Update Web site, install them, and then restart the computer. The worm also attempts to remove the W32.Mydoom.A@mm and W32.Mydoom.B@mm worms.

W32.Welchia.B.Worm exploits multiple vulnerabilities, including:

The DCOM RPC vulnerability (first described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit. We recommend that you patch this vulnerability by applying Microsoft Security Bulletin MS03-039.

The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit. The worm's use of this exploit will impact Windows 2000 systems and may impact Windows NT/XP systems.

The Workstation service buffer overrun vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply MS03-049.

The Locator service vulnerability using TCP port 445 (described in Microsoft Security Bulletin MS03-001). The worm specifically targets Windows 2000 machines using this exploit.

W32.Netsky.P@mm - is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.

The From line of the email is spoofed, and the Subject line and message body vary. The attachment name varies and has a .exe, .pif, .scr, or .zip file extension.

This worm also uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message.

W32.Beagle.M@mm is a polymorphic mass-mailing worm that uses its own SMTP engine to spread through email. Like previous Beagle variants, this worm opens a backdoor (it listens on TCP port 2556) and attempts to spread through file-sharing networks by copying itself to folders that contain "shar" in their names. W32.Beagle.M@mm also infects files with the EXE extension.

The email has the following characteristics:

From: Spoofed to appear as though it is coming from one of the following addresses at the recipient's domain:

management

administration

staff

noreply

support

Subject: One of the following:

Account notify

E-mail account disabling warning.

E-mail account security warning.

E-mail technical support message.

E-mail technical support warning.

E-mail warning

Email account utilization warning.

Email report

Encrypted document

Fax Message Received

Forum notify

Hidden message

Incoming message

Notify about using the e-mail account.

Notify about your e-mail account utilization.

Notify from e-mail technical support.

Protected message

RE: Protected message

RE: Text message

Re: Document

Re: Hello

Re: Hi

Re: Incoming Fax

Re: Incoming Message

Re: Msg reply

Re: Thank you!

Re: Thanks B)

Re: Yahoo!

Request response

Site changes

Attachment: A randomly named .exe file, stored inside a .zip file or a .rar file, or a .pif file. The .zip and .rar files may be password-protected. The file name, without the extension, is one of the following:

Attach

Details

Document

Encrypted

Gift

Info

Information

Message

MoreInfo

Readme

Text

TextDocument

details

first_part

pub_document

text_document

Edited by Odie
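The Beagle.M and Gearbug write-ups above are essentially mail-gateway indicators: a spoofed sender at the recipient's own domain, a fixed list of Subject lines, and a fixed list of attachment names and extensions. The script below turns those published lists into a message classifier and runs it over a few messages constructed inline. It is an added example, not part of the forum post or of any vendor's tooling. Everything it assumes is marked: the recipient domain (`example.com`), the quarantine policy (any attachment-based indicator quarantines, header-only indicators flag for review), and the last check, which treats an executable attachment declared under a non-`application/*` MIME type as suspicious because the Netsky.P entry mentions the incorrect-MIME-header vulnerability; the page does not describe that check, it is a generic defensive heuristic.

```python
"""Match incoming mail against the mass-mailer indicators quoted in the post.

Added example; the indicator lists are copied from the post, the sample
messages below are constructed for the demonstration, and the verdict
policy and the MIME-mismatch heuristic are assumptions, not vendor rules.
"""
import email
import os
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# W32.Beagle.M@mm indicators as listed in the post.
BEAGLE_FROM_LOCALPARTS = {"management", "administration", "staff", "noreply", "support"}
BEAGLE_SUBJECTS = {
    "Account notify", "E-mail account disabling warning.", "E-mail account security warning.",
    "E-mail technical support message.", "E-mail technical support warning.", "E-mail warning",
    "Email account utilization warning.", "Email report", "Encrypted document",
    "Fax Message Received", "Forum notify", "Hidden message", "Incoming message",
    "Notify about using the e-mail account.", "Notify about your e-mail account utilization.",
    "Notify from e-mail technical support.", "Protected message", "RE: Protected message",
    "RE: Text message", "Re: Document", "Re: Hello", "Re: Hi", "Re: Incoming Fax",
    "Re: Incoming Message", "Re: Msg reply", "Re: Thank you!", "Re: Thanks B)", "Re: Yahoo!",
    "Request response", "Site changes",
}
BEAGLE_ATTACH_STEMS = {
    "Attach", "Details", "Document", "Encrypted", "Gift", "Info", "Information", "Message",
    "MoreInfo", "Readme", "Text", "TextDocument", "details", "first_part", "pub_document",
    "text_document",
}
BEAGLE_EXTENSIONS = {".exe", ".pif", ".zip", ".rar"}

# W32.HLLW.Gearbug@mm indicators as listed in the post.
GEARBUG_SUBJECT = "Security Update"
GEARBUG_ATTACHMENT = "ElimB.exe"

# Assumed heuristic (not from the post): executables should not arrive under
# a non-application MIME type such as audio/* or image/*.
EXECUTABLE_EXTENSIONS = {".exe", ".pif", ".scr"}
ATTACHMENT_HITS = {"beagle-attachment", "gearbug-attachment", "mime-type-mismatch"}


def classify_message(raw: bytes, recipient_domain: str) -> dict:
    """Return the matched indicators and an assumed verdict for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []

    # Beagle spoofs a fixed local part at the recipient's own domain.
    _, address = parseaddr(str(msg.get("From", "")))
    local, _, domain = address.lower().rpartition("@")
    if domain == recipient_domain.lower() and local in BEAGLE_FROM_LOCALPARTS:
        hits.append("beagle-from")

    # Subjects are matched exactly; the post lists "RE:" and "Re:" separately.
    subject = str(msg.get("Subject", "")).strip()
    if subject in BEAGLE_SUBJECTS:
        hits.append("beagle-subject")
    if subject == GEARBUG_SUBJECT:
        hits.append("gearbug-subject")

    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        stem, ext = os.path.splitext(name)
        if ext.lower() in BEAGLE_EXTENSIONS and stem in BEAGLE_ATTACH_STEMS:
            hits.append("beagle-attachment")
        if name == GEARBUG_ATTACHMENT:
            hits.append("gearbug-attachment")
        if ext.lower() in EXECUTABLE_EXTENSIONS and not part.get_content_type().startswith("application/"):
            hits.append("mime-type-mismatch")

    # Assumed policy: attachment indicators quarantine, header-only ones go to review.
    if ATTACHMENT_HITS & set(hits):
        verdict = "quarantine"
    elif hits:
        verdict = "review"
    else:
        verdict = "pass"
    return {"hits": hits, "verdict": verdict}


def build_sample(sender: str, subject: str, filename: str,
                 ctype: str = "application/octet-stream") -> bytes:
    """Construct a sample message with one attachment (test data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Constructed sample body for the demonstration.")
    maintype, subtype = ctype.split("/")
    msg.add_attachment(b"\x00" * 16, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("support@example.com", "Re: Hello", "Document.zip"),
        build_sample("alice@partner.org", "Security Update", "ElimB.exe"),
        build_sample("bob@partner.org", "Lunch on Friday?", "agenda.pdf", "application/pdf"),
        build_sample("bob@partner.org", "Hi", "readme.exe", "audio/x-wav"),
    ]
    for raw in samples:
        print(classify_message(raw, "example.com"))
```

The matcher deliberately keeps the Subject and file-name comparisons exact, as the post lists them; a gateway that also wants to catch trivial case variants should normalise both sides, at the cost of more false positives on ordinary mail such as "Re: Hi".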
