Griz Posted March 23, 2007 Report Share Posted March 23, 2007 Hey folks. I got this in a Email today and wanted to pass this on. From the looks of it...This is for real... Subject: Virus Warning: Snopes... Looks like the crooks are at it again! Why can't they leave us computer Dummies alone? Virus Warning I also ran it through snopes & it is REAL! Virus Warning: Do NOT open an e-mail with "Mail Server Report" in the subject line. This one is real! Urgent!! This is a Bad Virus.Please don't open it! This one checks out and is a bonafide real virus soHence the warning. Any email with "Mail ServerReport" in the subject line is a new virus and shouldNot be opened. It comes with an attachment in 'zipFormat. Apparently there is a Zip file attached soBe very leery of anything with a zip file on it. TheMessage tells you that a worm was detected in anE-mail that you Sent out and asks you to open andInstall the attachment to fix the Problem. Only, itIS the problem! You can check it out at snopes: Snopes... (This virus is called Warezov W or W32 ) Quote Link to comment Share on other sites More sharing options...
buckee Posted March 24, 2007 Report Share Posted March 24, 2007 Re: Virus Warning!!!! Isn't that just dandy eh. I'm surprised I didn't get it yet. I get em all it seems. Thanks for the warning. Quote Link to comment Share on other sites More sharing options...
toddyboman Posted March 24, 2007 Report Share Posted March 24, 2007 Re: Virus Warning!!!! Thanks for the head up!! Quote Link to comment Share on other sites More sharing options...
LifeNRA Posted March 24, 2007 Report Share Posted March 24, 2007 Re: Virus Warning!!!! Discovered: September 10, 2006 Updated: February 13, 2007 12:58:54 PM Also Known As: WORM_STRATION.BB [Trend], W32/Stration-X [sophos], Warezov.U [F-Secure], Warezov.W [F-Secure] Type: Worm Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP W32.Stration.AC@mm is a mass-mailing worm that gathers email addresses from the compromised computer. ProtectionVirus Definitions (LiveUpdateâ„¢ Daily) September 10, 2006 Virus Definitions (LiveUpdateâ„¢ Weekly) September 13, 2006 Virus Definitions (Intelligent Updater) September 10, 2006 Virus Definitions (LiveUpdateâ„¢ Plus) September 10, 2006 Threat AssessmentWildWild Level: Low Number of Infections: 0 - 49 Number of Sites: 0 - 2 Geographical Distribution: Low Threat Containment: Easy Removal: Easy DamageDamage Level: Medium Payload: Gathers email addresses from the compromised computer. Modifies Files: Appends text to the hosts file to prevent access to certain URLs. DistributionDistribution Level: Medium Subject of Email: Varies Name of Attachment: Varies Size of Attachment: Varies Writeup By: John Canavan http://www.symantec.com/security_response/writeup.jsp?docid=2006-091012-5303-99 Here is the latest threat!!! Discovered: March 23, 2007 Updated: March 23, 2007 5:01:50 PM Type: Worm Infection Length: 23,552 bytes Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP CVE References: CVE-2003-0352 W32.Mancsyn is a worm that spreads by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (BID 8205). It may also download potentially malicious files on to the compromised computer. Note: Virus definitions dated March 23, 2007 or earlier detect this threat as Trojan.Mancsyn.ProtectionVirus Definitions (LiveUpdateâ„¢ Daily) March 24, 2007 Virus Definitions (LiveUpdateâ„¢ Weekly) March 28, 2007 Virus Definitions (Intelligent Updater) March 24, 2007 Virus Definitions (LiveUpdateâ„¢ Plus) March 24, 2007 Threat AssessmentWildWild Level: Low Number of Infections: 0 - 49 Number of Sites: 0 - 2 Geographical Distribution: Low Threat Containment: Easy Removal: Easy DamageDamage Level: Medium Payload: Downloads potentially malicious code on to the compromised computer. Deletes Files: Deletes certain files and registry subkeys from the compromised computer. DistributionDistribution Level: Medium Target of Infection: Computers vulnerable to remotely exploitable vulnerabilities. Writeup By: James O'Connor Quote Link to comment Share on other sites More sharing options...
LifeNRA Posted March 24, 2007 Report Share Posted March 24, 2007 Re: Virus Warning!!!! 'Storm Trojan' Ignites Worm War February 13, 2007 Summary The Trojan horse that pumped up spam volumes in January is at it again, researchers said Monday, and is now spreading over instant messaging and engaging in attacks on rival malware. Source: By Gregg Keizer The Trojan horse that pumped up spam volumes in January is at it again, researchers said Monday, and is now spreading over instant messaging and engaging in attacks on rival malware. Symantec Corp. researchers said that the "Storm Trojan," aka "Peacomm," is now spreading via AOL Instant Messenger (AIM), Google Talk and Yahoo Messenger. An alert to some Symantec customers pegged the new infection vector as "insidious" because the message -- such as the cryptic "LOL " -- and the included URL can be dynamically updated by the attacker. Even worse, according to Alfred Huger, senior director of Symantec's Security Response team, "it injects a message and URL only into already-open windows. It's not just some random message that pops up, but it appears only to people [you are] already talking to. That makes the approach very effective." Moreover, the server from which the malware is downloaded to the victim's PC can be quickly changed by the attacker using the Trojan's peer-to-peer (P2P) control channel. "Everything can constantly change," said Huger. The newest attack by Peacomm follows an earlier campaign in January, when the Trojan got its nickname from e-mail subject headings that touted news of massive storms throughout Europe. But one researcher traced the Trojan further back than that. According to an analysis by Joe Stewart, a SecureWorks senior security researcher, Peacomm is actually a spinoff of last year's "Nuwar" worm. "It's pretty much the same code," said Stewart. Both Stewart and Huger also noted that the Trojan has been behind several recent distributed denial-of-service (DDoS) attacks against antispam Web sites, as well as servers supporting rival malware. Among the multiple second-stage components downloaded to Windows PCs compromised by Peacomm, said Stewart, is a DDoS module that can be enabled at will by the attacker and aimed at any site. The January target list included spamnation.info, which was knocked offline for eight days starting Jan. 12. The better-known spamhaus.org was an indirect victim, too. Systems hijacked by Peacomm have also conducted DDoS attacks against at least five domains used by the creators of the noted Warezov (or Stration) worm. After a busy September and October, Warezov was credited by some analysts as the genesis of 2006's massive fourth-quarter spike in spam volume. "It seems that this spam group is prone to attack anyone that interferes with its business model, be it antispammer or spammer," said Stewart. Symantec's Huger agreed: "Malware groups compete with each other [over compromised systems] as much as for uninfected machines." In fact, according to Symantec's data, the bulk of DDoS activity is due to hacker internecine warfare as one group tries to blunt another's attempt to corral large numbers of PCs in botnets. But the two researchers disagree when it comes to pegging Peacomm with a label. "This guy is pulling from the standard playbook, taking the best techniques and using off-the-shelf protocols," Stewart said as he characterized the malware's maker as persistent, not technically sophisticated. "It's very basic stuff, but it works." Huger sees it differently. "Whether he's technically sophisticated or not, the point is moot," said Huger. "This is very well thought out and very well staged." Quote Link to comment Share on other sites More sharing options...
christsavedme Posted March 24, 2007 Report Share Posted March 24, 2007 Re: Virus Warning!!!! Will this nonsense ever stop! some people really need to get a life! Quote Link to comment Share on other sites More sharing options...
Randy Posted March 24, 2007 Report Share Posted March 24, 2007 Re: Virus Warning!!!! [ QUOTE ] Thanks for the head up!! [/ QUOTE ]Ditto!! Quote Link to comment Share on other sites More sharing options...
arrow32 Posted March 24, 2007 Report Share Posted March 24, 2007 Re: Virus Warning!!!! Heck I just got a virus on our home computer! It wont work for crap now. Thanks for the heads up tho. Quote Link to comment Share on other sites More sharing options...
Guest Finn Posted March 24, 2007 Report Share Posted March 24, 2007 Re: Virus Warning!!!! I never open emails or attachments from folks I don't know. knock on wood, but I haven't had a virus in at least 5 years I never worry about viruses....figure my antivirus program will have it solved before I could. Quote Link to comment Share on other sites More sharing options...
wtnhunt Posted March 25, 2007 Report Share Posted March 25, 2007 Re: Virus Warning!!!! Thanks for the heads up Dale. Quote Link to comment Share on other sites More sharing options...
horst Posted March 25, 2007 Report Share Posted March 25, 2007 Re: Virus Warning!!!! had that virus last week I think.Not sure where it came from, wasnt an email.I caught almost as soon as it infected my computer and had a heck of a time getting rid of it.Im not even sure its gone but my AV programs are no longer picking it up, computers still doing some funny things though.Apparently it was screwing my registery keys or something Quote Link to comment Share on other sites More sharing options...
birdhunter39 Posted March 25, 2007 Report Share Posted March 25, 2007 Re: Virus Warning!!!! thanks for the warning Quote Link to comment Share on other sites More sharing options...
stevebeilgard Posted March 25, 2007 Report Share Posted March 25, 2007 Re: Virus Warning!!!! thanks. i won't open Quote Link to comment Share on other sites More sharing options...
Guest MrsRandy Posted March 26, 2007 Report Share Posted March 26, 2007 Re: Virus Warning!!!! Appreciate the warning...Thanks!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.