Odie
Posted April 15, 2004 (edited)

From time to time I get information about new computer viruses. Whenever I get e-mails about new viruses I will pass it along to everyone here.

Please read the following and understand that, as we increase the use of computer technology, there are people in the world that will exploit its use. Please be careful with your computer systems whether at work or at home. Below is a list of some of the major threats that we are facing today.

W32.Dumaru.AI - is a Trojan horse that attempts to steal information from an infected computer.

Type: Trojan Horse
Infection Length: 53,248 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

W32.HLLW.Gearbug@mm is a simple mass-mailing worm that sends itself to all the addresses in the Microsoft Outlook Address Book. The email has the following characteristics:

Subject: Security Update
Attachment: ElimB.exe

Also Known As: Bloodhound.W32.VBWORM, I-Worm.generic [Kaspersky], W32/Generic.a@MM [McAfee]
Type: Worm
Infection Length: 32,768 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

Backdoor.IRC.Aladinz.P - is a backdoor Trojan horse that uses malicious mIRC scripts. This Trojan allows an attacker to access your computer. By default the Trojan listens on TCP port 2688.

Variants: Backdoor.IRC.Aladinz
Type: Trojan Horse
Infection Length: Varies
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX

W32.HLLW.Donk.M - is a network-aware worm.
It attempts to connect to a predetermined IRC server to get instructions from the attacker.

Type: Worm
Infection Length: 50,688 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, Microsoft IIS, UNIX

W32.Welchia.Worm - is a variant of W32.Welchia.Worm. If the version of the operating system of the infected machine is Chinese (Simplified), Chinese (Traditional), Korean, or English, the worm will attempt to download the Microsoft Workstation Service Buffer Overrun and Microsoft Messenger Service Buffer Overrun patches from the Microsoft® Windows Update Web site, install it, and then restart the computer. The worm also attempts to remove the W32.Mydoom.A@mm and W32.Mydoom.B@mm worms.

W32.Welchia.B.Worm exploits multiple vulnerabilities, including:

The DCOM RPC vulnerability (first described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit. We recommend that you patch this vulnerability by applying Microsoft Security Bulletin MS03-039.

The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit. The worm's use of this exploit will impact Windows 2000 systems and may impact Windows NT/XP systems.

The Workstation service buffer overrun vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply MS03-049.

The Locator service vulnerability using TCP port 445 (described in Microsoft Security Bulletin MS03-001). The worm specifically targets Windows 2000 machines using this exploit.

W32.Netsky.P@mm - is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. The From line of the email is spoofed, and its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file extension. This worm also uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message.

The W32.Beagle.M@mm - is a polymorphic mass-mailing worm that uses its own SMTP engine to spread through email. Like previous Beagle variants, this worm opens a backdoor (it listens on TCP port 2556) and attempts to spread through file-sharing networks by copying itself to folders that contain "shar" in their names. W32.Beagle.M@mm also infects files with the EXE extension.

The email has the following characteristics:

From: Spoofed to appear as though it is coming from one of the following addresses at the recipient's domain:
management
administration
staff
noreply
support

Subject: One of the following:
Account notify
E-mail account disabling warning.
E-mail account security warning.
E-mail technical support message.
E-mail technical support warning.
E-mail warning
Email account utilization warning.
Email report
Encrypted document
Fax Message Received
Forum notify
Hidden message
Incoming message
Notify about using the e-mail account.
Notify about your e-mail account utilization.
Notify from e-mail technical support.
Protected message
RE: Protected message
RE: Text message
Re: Document
Re: Hello
Re: Hi
Re: Incoming Fax
Re: Incoming Message
Re: Msg reply
Re: Thank you!
Re: Thanks B)
Re: Yahoo!
Request response
Site changes

Attachment: A randomly named .exe file, stored inside a .zip file or a .rar file, or a .pif file. The .zip and .rar files may be password-protected. The file name, without the extension, is one of the following:
Attach
Details
Document
Encrypted
Gift
Info
Information
Message
MoreInfo
Readme
Text
TextDocument
details
first_part
pub_document
text_document

Edited April 15, 2004 by Odie
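
As an added example (not part of Odie's post), the W32.Beagle.M@mm e-mail traits listed above can be checked against a raw message with Python's standard `email` module. The function name, the case-insensitive matching and the example.com sample messages are assumptions made for this example.

```python
import os
from email import message_from_string
from email.utils import parseaddr

# Indicators copied as shown in the W32.Beagle.M@mm description in the post.
FROM_LOCALS = {"management", "administration", "staff", "noreply", "support"}
SUBJECTS = {s.lower() for s in (
    "Account notify|E-mail account disabling warning.|"
    "E-mail account security warning.|E-mail technical support message.|"
    "E-mail technical support warning.|E-mail warning|"
    "Email account utilization warning.|Email report|Encrypted document|"
    "Fax Message Received|Forum notify|Hidden message|Incoming message|"
    "Notify about using the e-mail account.|"
    "Notify about your e-mail account utilization.|"
    "Notify from e-mail technical support.|Protected message|"
    "RE: Protected message|RE: Text message|Re: Document|Re: Hello|Re: Hi|"
    "Re: Incoming Fax|Re: Incoming Message|Re: Msg reply|Re: Thank you!|"
    "Re: Thanks B)|Re: Yahoo!|Request response|Site changes").split("|")}
BASENAMES = set(("attach details document encrypted gift info information "
                 "message moreinfo readme text textdocument first_part "
                 "pub_document text_document").split())
EXTENSIONS = {".zip", ".rar", ".pif"}

def beagle_m_indicators(raw, recipient_domain):
    """Return which of the post's three e-mail traits a raw message shows."""
    msg = message_from_string(raw)
    hits = []
    addr = parseaddr(msg.get("From", ""))[1].lower()
    local, _, domain = addr.partition("@")
    if local in FROM_LOCALS and domain == recipient_domain.lower():
        hits.append("from")          # role address spoofed at our own domain
    if (msg.get("Subject") or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():          # every MIME part, including attachments
        base, ext = os.path.splitext((part.get_filename() or "").lower())
        if base in BASENAMES and ext in EXTENSIONS:
            hits.append("attachment")
            break
    return hits

# Constructed samples (not real captures): one showing all traits, one benign.
SUSPECT = (
    "From: support@example.com\nTo: alice@example.com\n"
    "Subject: E-mail account security warning.\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nConstructed body.\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="MoreInfo.zip"\n\n'
    "placeholder\n--b1--\n")
BENIGN = "From: bob@example.org\nTo: alice@example.com\nSubject: Re: Hello\n\nHi!\n"
```

Subjects such as "Re: Hello" also occur in ordinary mail, so a filter built on this should act only when several traits coincide, not on a single match.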