Virus FYI


Team Realtree


Got this from our IT guy tonight and thought I would pass it along:

Team:

It has come to my attention that for users of Windows XP, tomorrow's date, February 3, is set to be a trigger for a particularly nasty Worm whose sole purpose is to destroy data on your hard drive.

Realtree’s network is protected by some of the best Anti-Virus software available and I don’t expect there to be any problems.

You can help us avoid anything bad by following one simple rule: Do not under any circumstances open an email from someone you don’t know, especially if it contains an attachment!

Thank you


Re: Virus FYI

YEP, Zone Labs notified me this morning about this virus... but thanks for the heads up Scott...

Here's some info on this particular virus...

Severity: High

BlackWorm Email Worm

Overview: BlackWorm is an email worm that uses its own SMTP engine to spread through e-mail and open network shares. Blackworm is also known as BlackWorm/Nyxem/Blackmal/Blueworm/Grew. This vulnerability has been classified as "High Risk." Computer users should take appropriate action to be protected against this worm.

Date Published: January 25, 2006

Date Last Revised: January 25, 2006

Impact: Using its own SMTP engine, BlackWorm spreads using different subjects, email bodies and attachments. The attachments sent by the worm may contain the following extensions: pif, scr, mim, uue, hqx, bhx, b64, and uu. On February 3rd, computers that are infected with BlackWorm will have the following file types overwritten by the worm: DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, ZIP. The files are overwritten with an error message ('DATA Error [47 0F 94 93 F4 K5]').

Platforms Affected:

Windows 2000

Windows 95

Windows 98

Windows Me

Windows NT

Windows Server 2003

Windows XP

Recommended Actions:

Check Point Integrity®:

Check Point Integrity protects your system against this vulnerability through the following available services:

Advanced Cooperative Enforcement

Use Advanced Cooperative Enforcement to enforce policy upon remote endpoints.

Anti-Virus Rules

Anti-Virus Rules enforce version of AV engines and definition files. Integrity Administrators should download the latest engine(s) and definition file(s).

Classic Firewall Rules

It is recommended that you ensure:

• Only trusted hosts are in the ‘Trusted’ Zone.

E-Mail Protection

It is recommended that you block both inbound and outbound *.pif, *.scr, *.mim, *.uue, *.hqx, *.bhx, *.b64, and *.uu emails using E-Mail Protection.

SmartDefense Program Advisor

SmartDefense Program Advisor automatically blocks malware. It is recommended that you ensure the following:

• Internet Zone Security is set to High.

• Trusted Zone Security is set to Medium.

For more information about activating SmartDefense Program Advisor, please refer to CPSA-2005-10.

It is recommended that you ensure the following:

Internet Zone Security is set to High.

Trusted Zone Security is set to Medium.

Only trusted hosts are in the ‘Trusted’ Zone.

Block both inbound and outbound *.pif, *.scr, *.mim, *.uue, *.hqx, *.bhx, *.b64, and *.uu emails using E-Mail Protection.

Update antivirus products to provide the most up-to-date protection.

Be smart folks and get that Anti Virus Updated and don't open any attachments....

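The E-Mail Protection recommendation in the advisory quoted above, sketched as an added example that is not part of either post or of any Check Point product: a Python check that flags attachments whose final extension is on the advisory's block list. The function names, the sample address and the sample filenames are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment extensions named in the advisory quoted above.
BLOCKED_EXTENSIONS = {"pif", "scr", "mim", "uue", "hqx", "bhx", "b64", "uu"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of MIME parts whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walks nested multiparts as well
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces in a filename, so strip
        # them before taking the extension; compare case-insensitively.
        cleaned = name.strip().rstrip(". ").lower()
        _, dot, ext = cleaned.rpartition(".")
        # Only the last extension counts: "photos.jpg.scr" runs as .scr.
        if dot and ext in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed test message (not a captured worm e-mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("report.pdf", "photos.jpg.SCR", "list.UU.", "readme"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename in blocked_attachments(build_sample()):
        print("block:", filename)
```

A filename check like this complements, and does not replace, the up-to-date antivirus definitions the advisory also calls for.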
