Is It True??
Check out: Viruses, Hoaxes, Urban Legends, etc.
Real Stuff vs. Hoaxes
(read it or jump right down to the Links or Specific Virus links, especially current threats)
There are thousands of "viruses" and related malicious computer items. It is important to protect against them. There are also a huge number of e-mail messages which circulate as virus "warnings" but which are actually hoaxes.

In fact, there are huge numbers of e-mail hoax messages of many kinds: virus warnings, offers of money or other goodies, warnings about terrible things happening to people and other "urban legends", and so on. These are typically chain letters, ending with a request to forward the message to as many people as possible. Besides the fact that they are false and misleading, the chain forwarding of large quantities of e-mail is wasteful--it ties up internet bandwidth we all need for browsing and for meaningful e-mail.

There are websites which give reliable up-to-date information about actual computer "virus" threats, and websites which investigate, collect, and catalog urban legends and similar invalid e-mail chain messages.

These sites make interesting reading in general, and you can also go look at them whenever you receive a warning message, to help you decide whether the warning is valid or not. They are almost always NOT.
Specific Virus links -- ZDNet UK - News - Homepage - Security
Current Threats:
- Tuesday 3/2/04 -- Many new variants of Bagle & Netsky -- the best defense is still: do not open attachments, keep your antivirus up to date, and don't share folders.
- Mydoom.F & Netsky.C -- update 2/26/04
  - Mydoom.F is more destructive than earlier versions, even though it hasn't spread as rapidly. It deletes files on your computer. (Plus all the other ominous stuff from the earlier versions.)
    - McAfee DAT 4327, issued 2/23/04
  - Netsky.C -- spreading rapidly
    - McAfee DAT 4328, issued 2/25/04
    - This virus spreads via email and mapped drives. It sends itself to addresses found on the victim's machine and copies itself to folders on drives C: - Z:.
Mydoom.F -- view McAfee page about this worm (where the information below comes from)
- This is a mass-mailing and share-hopping worm that bears the following characteristics:
  - contains its own SMTP engine to construct outgoing messages
  - contains ability to copy itself to mapped drives
  - contains a backdoor component--gives hackers direct access to your computer
  - contains a Denial of Service payload
  - contains payload of deleting files
- It "spoofs" the From: address--i.e. it may appear to be from somebody you know, but not even have come from their computer.
  - you tend to trust attachments from people you know, but don't trust any attachments, even if they seem to be from somebody you know.
  - getting the virus "From" someone does not mean they actually have the virus on their computer, because it probably did not even come from them.
  - you may get messages from e-mail servers saying that your computer is infected, which may not be the case -- this would be because someone else's computer has the virus and has your e-mail address stored somewhere on it, so that their virus sent a message to someone else and pretended it was sent from you... (Are we having fun yet?)
- The icon used by the file tries to make it appear as if the attachment is a text file.
- The worm makes copies of itself as .zip archives or .exe in different directories on local and mapped drives. The files have random alphabetical names and are 34 Kbytes in size.
- The worm searches local and mapped drives to delete a percentage of files with the following extensions: [bmp, avi, jpg, sav, xls, doc, mdb]
- Remote Access Component -- The worm listens on port 1080 on the infected machine. It also opens a list of other ports. The range of ports is from 3000 to 5000. This allows hackers to enter your computer directly from the Internet.
- Denial of Service Component -- on various dates, launches Denial of Service attacks against www.microsoft.com and www.riaa.com
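
A defender's check for the Remote Access Component described above, added here as an example and not taken from this page or from McAfee: it parses `netstat -an` output and flags TCP ports listening on 1080 or within 3000 to 5000. The sample output is constructed and reading the range as inclusive is an assumption; a hit in the range is only a lead, since ordinary services listen there too.

```python
import re

# Ports the page lists for Mydoom.F's remote access component.
BACKDOOR_PORT = 1080
PORT_RANGE = range(3000, 5001)  # "3000 ~ 5000", read as inclusive (assumption)

# Constructed sample of Windows `netstat -an` output, not from a real machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3456           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3389      0.0.0.0:0              LISTENING
  TCP    192.168.1.20:4012      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:1080           *:*
"""

# Only TCP rows in the LISTENING state describe a port waiting for connections.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\b")


def suspicious_listeners(netstat_text):
    """Return sorted (port, reason) pairs for listening TCP ports to investigate."""
    hits = set()
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match:
            continue  # headers, UDP rows, established or closing connections
        port = int(match.group(2))
        if port == BACKDOOR_PORT:
            hits.add((port, "port 1080"))
        elif port in PORT_RANGE:
            # Weak signal: ordinary services (3389 here) also fall in the range.
            hits.add((port, "in range 3000-5000"))
    return sorted(hits)


if __name__ == "__main__":
    for port, reason in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"TCP {port} is listening ({reason}); find the owning process")
```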
Netsky.C -- view McAfee page about this worm -- spreading rapidly -- using McAfee antivirus, "compressed file" detection must be turned on.
- actually, you should just follow the link above and read what McAfee says, but meanwhile:
  - arrives as attachment to e-mail message, may appear to be from someone you know
  - also propagates via KaZaa, Bearshare, Limewire, and other P2P applications that use shared folder names containing the words share or sharing.
- Bugbear.B
- Sobig.C