
Re: SO_Security alert




jesus - they are come getting us
how can we help.
me's off a suggestion, i probably quit internet soon.
help people help.

----- Original Message -----
From: "Mark Jurik" <mark@xxxxxxxxxxxx>
To: "'Omega List'" <Omega-list@xxxxxxxxxx>; "'MetaStock List'"
<metastock@xxxxxxxxxxxxxxxxxx>; <systems-only@xxxxxxxxxxxxx>
Sent: Friday, November 24, 2000 10:33 PM
Subject: SO_Security alert


> Kaspersky Labs reports new Internet viruses on the loose.
>
> --------------------------------------------------------
>
> Kaspersky Lab warns users of the notable activity of
> several dangerous Internet-worms occurring at this time.
> Kaspersky Lab has been receiving reports from users, whose
> computers have been infected by the Internet-worm Hybris.
> Recently, Kaspersky Lab informed users of this worm's danger,
> and we reiterate that this virus is a very complex malicious code
> that can be updated by its author through his own Web page or
> through an anti-virus conference alt.comp.virus, which is already
> replete with this virus' components.
>
> Also still active is an Internet-worm called Navidad, and although
> it is fairly harmless, it still causes users trouble. The infected
> e-mail contains an embedded file and the following message in
> Spanish: "Nunca presionar este boton" (never click on this button).
> By clicking on this button, a user causes himself headaches,
> because on the screen appears a dialogue box that tells the user
> he has lost his computer due to his curiosity. However, in reality,
> this malicious code is easily deleted.
>
> The first reports of the Internet-worm Music arrived at Kaspersky Lab
> already a week and a half ago, and we estimate that this worm has all
> the chances of becoming an epidemic.
>
> An entertaining payload hiding the worm's main activity accompanies
> this virus, displaying a Christmas scene and playing a carol.
> Music-worm contains the following Subject and Texts:
>
> Subject: Testing to send file
> Text: Hi, just testing email using Merry Christmas music file,
> not bad music.
> or:
> Text: Hi, just testing email using Merry Christmas music file,
> you'll like it.
>
> "Music" has the ability to upgrade its components from an Internet
> site. This malicious utility downloads three files from there (that are
> supposed to be its plugins) detects their versions, and if these versions
> are above those currently used, the worm replaces its components with
> new ones. So the worm is able to change its functionality depending
> on its author's needs.
>
> Another Internet-worm that has attracted the attention of Kaspersky
> Lab's specialists is called Blebla, which was discovered on November 16
> in Poland. Several reports also have been received from Denmark. The
> worm appears as an e-mail message in HTML format and has two attached
> files: MYJULIET.CHM and MYROMEO.EXE.
>
> The worm's specifics are that for the start of the malicious program, no
> opening attached file is needed. The worm activates itself automatically
> when an infected message is being opened or previewed. To activate
> itself, the worm exploits a vulnerability in the Windows scripting security:
> the first part of the malicious utility contains a script program that is
> automatically executed by this operating system. As a result, the
> CHM-component of the message (the MYJULIET.CHM file) is loaded
> and activated, which in turn executes the MYROMEO.EXE file that is
> the main worm body itself.
>
> When the malicious programme runs, it opens the Address Book, reads
> E-mail addresses from there and sends its HTML message with the
> attached CHM and EXE files to there. The message has a Subject that
> is randomly selected from the following list:
>
> Romeo&Juliet
> :))))))
> hello world
> !!??!?!?
> subject
> ble bla, bee
> I Love You ;)
> sorry...
> Hey you !
> Matrix has you...
> my picture
> from shake-beer
>
> Protection procedures thwarting all of the above-mentioned Internet
> worms have been added to the Kaspersky Anti-Virus (AVP) anti-virus
> database.
>
>
> http://www.markbrown.com/systems-only
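
A mail-gateway check built from the indicators in the forwarded advisory, added here as an example; it is not part of the original posts and is not Kaspersky's detection logic. The function names, verdict labels, the `.chm`/`.exe` risk list and the sample-message builder are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the advisory quoted above.
BLEBLA_FILES = {"myjuliet.chm", "myromeo.exe"}
BLEBLA_SUBJECTS = {
    "romeo&juliet", ":))))))", "hello world", "!!??!?!?", "subject",
    "ble bla, bee", "i love you ;)", "sorry...", "hey you !",
    "matrix has you...", "my picture", "from shake-beer",
}
MUSIC_SUBJECT = "testing to send file"
RISKY_EXT = (".chm", ".exe")  # assumption: types this gateway treats as risky


def scan_message(raw: bytes) -> dict:
    """Classify one raw RFC 822 message as quarantine / review / pass."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    parts = list(msg.walk())
    names = [p.get_filename().lower() for p in parts if p.get_filename()]
    has_html = any(p.get_content_type() == "text/html" for p in parts)
    risky = [n for n in names if n.endswith(RISKY_EXT)]
    reasons = []
    named = sorted(BLEBLA_FILES.intersection(names))
    if named:
        reasons.append("blebla-attachment:" + ",".join(named))
    subject_hit = subject in BLEBLA_SUBJECTS or subject == MUSIC_SUBJECT
    if subject_hit:
        reasons.append("advisory-subject")
    if has_html and risky:
        reasons.append("html-with-risky-attachment")
    # Subjects such as "hello world" occur in benign mail, so a subject match
    # quarantines only when a risky attachment accompanies it.
    if named or (subject_hit and risky):
        verdict = "quarantine"
    else:
        verdict = "review" if reasons else "pass"
    return {"verdict": verdict, "reasons": reasons}


def build_sample(subject, attachments=(), html=False) -> bytes:
    """Constructed test message; attachment bodies are inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("<p>hi</p>" if html else "hi", subtype="html" if html else "plain")
    for name in attachments:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()
```

A subject match with no attachment comes back as `review` rather than `quarantine`, because several of the listed subjects are ordinary phrases.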