BEWARE, YET ANOTHER NASTY VIRUS......

26th Jul 2001, 18:19, #21

Received one this morning from HKG. Suspect it was forwarded from one of the guys from CX who don't like my views on their little "action".
Deleted unopened, as usual.
Think the word is starting to get around about these problems.
Don't open....unless you positively know who it's from.
411A
26th Jul 2001, 19:50, #22 (Per Ardua ad Astraeus)

411A - your last line SHOULD read 'know what it is', not 'who it is from': the whole point about any assault is that it COULD come from an infected 'friend'.
BOAC
27th Jul 2001, 01:04, #23

BOAC---
You are quite right.
I forwarded same to a friend of mine at the NSA, as the USA has criminal penalties for this sort of behavior.
HKG government concurs.
Maybe jail time will be the result. Hope so!!
411A
27th Jul 2001, 11:28, #24, lame (guest)

McAfee are now saying that there are at least 4 variations of SirCam, and between them they have infected over 5% of all computers........

Also a newer one now, but only LOW risk, W32/Parrot@MM
 
27th Jul 2001, 18:25, #25 (Chief PPRuNe Pilot)

Once again I read from some of the replies here that there are still people who accept that if an email is from someone they know and has an attachment then it is OK to open it. DON'T.

I will reiterate here what I have been telling everyone who will take the time to read this: Never, ever, ever, EVER, E V E R, open ANY attachment to an email unless you have specifically requested it from someone you know. Only by sticking to that rule will you be certain that you will not get contaminated by this nasty virus.

Also, never, ever, EVER, reply, forward or send back the email with the attachment. The address shown as who it is from may, and most probably will, not be the person who actually sent the virus to you. The virus is not sent deliberately or knowingly but works in the background of your PC and sends them when you are logged on. You may just be sending the virus to someone who is not yet infected and thus helping to spread it instead of trying to contain it.

I am receiving over 50 of these horrible little emails with attachments, some of them over a megabyte in size, every day. To stop my internet connection slowing down when my email software tries to download my email when I first log on I do the following:

If I have been offline for more than an hour or so then before I launch my email software I launch my browser and go to Mail2Web and from there I can log into my mail server and see all the messages waiting to be downloaded. It is very easy to spot all the ones with the virus as they are all over 100Kb in size. From the screen I can delete all the infected files and at the same time all the spam gets deleted. I do this for several accounts that I use.

Once I have deleted the messages I don't want I then launch my email software and only the mail I want is downloaded for reading.

After this, as I am often logged on for several hours it is not a major problem because my email software scans my email server for new mail every 5 minutes and a longer than normal download is not a problem as it goes on in the background. As soon as I see ANY email with an attachment then it is automatically deleted.

So, there you have it... Don't reply or resend any of the messages you receive with attachments, whether SirCam or whatever. Definitely DO NOT open any attachments. Just get into the habit of DELETING the whole email as soon as you receive it. Trust me, you will not be missing anything.

Unfortunately there will always be people who do not understand all this and there will be those too stupid to heed the information and those too inquisitive to not open an attachment so we will always have to be on our guard for these viruses. The little gob*****s who write them need to be locked up but instead they will probably be recruited by the intelligence services of various countries and be paid handsomely to disrupt the 'enemies' IT infrastructure.

Just remember: NEVER, EVER, EVER, open ANY attachments unless you specifically requested it. Just trash the email and get on with your life.
Capt PPRuNe
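The mailbox triage described in the post above (look at what is waiting on the server, delete anything carrying an attachment, treat the From: address as meaningless) can be scripted. The following is an added example in Python, not code from the thread or from any product mentioned in it. The three raw messages are constructed samples, the 100 KB threshold is the figure from the post, and the decision rule is the post's own: any unrequested attachment means the whole message is deleted unread, whatever the claimed sender.

```python
import email
from email import policy

SIZE_LIMIT = 100 * 1024  # the "over 100Kb" rule of thumb from the post

# Constructed sample mailbox (not real traffic): a plain text message, a
# worm-style message carrying a large executable attachment, and a small
# message whose attachment is just as unrequested. The attachment names are
# taken from the Badtrans list quoted later in the thread; senders are
# placeholders.
RAW_MESSAGES = [
    b"From: ops@example.com\r\nTo: me@example.com\r\nSubject: Roster\r\n"
    b"Content-Type: text/plain\r\n\r\nRoster goes out tomorrow.\r\n",
    b"From: friend@example.com\r\nTo: me@example.com\r\nSubject: Re: docs\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nHi, see attached.\r\n"
    b'--b1\r\nContent-Type: application/octet-stream; name="docs.scr"\r\n'
    b'Content-Disposition: attachment; filename="docs.scr"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + b"QUJD" * 40000 + b"\r\n--b1--\r\n",
    b"From: colleague@example.com\r\nTo: me@example.com\r\nSubject: Fw: fun\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b2"\r\n\r\n'
    b"--b2\r\nContent-Type: text/plain\r\n\r\nCheck this out.\r\n"
    b'--b2\r\nContent-Type: application/octet-stream; name="fun.pif"\r\n'
    b'Content-Disposition: attachment; filename="fun.pif"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nQUJD\r\n--b2--\r\n",
]


def triage(raw_messages, size_limit=SIZE_LIMIT):
    """Decide keep/delete for each raw RFC 822 message before it is downloaded.

    The rule is the one from the post: any attachment that was not explicitly
    requested means the whole message goes, unopened. Size is reported so the
    big ones (typically the worm mails) stand out in the listing.
    """
    decisions = []
    for raw in raw_messages:
        msg = email.message_from_bytes(raw, policy=policy.default)
        attachments = [
            part.get_filename() or "(unnamed)"
            for part in msg.walk()
            if part.get_content_disposition() == "attachment"
        ]
        size = len(raw)
        decisions.append({
            "subject": str(msg["subject"]),
            # Logged for the record only: a worm fills in From: with an
            # address harvested from the infected machine, so it must not
            # drive the decision (and must never be replied to).
            "claimed_sender": str(msg["from"]),
            "size": size,
            "oversize": size > size_limit,
            "attachments": attachments,
            "action": "delete" if attachments else "keep",
        })
    return decisions


if __name__ == "__main__":
    for d in triage(RAW_MESSAGES):
        flag = " (over %d KB)" % (SIZE_LIMIT // 1024) if d["oversize"] else ""
        print("%-6s %7d bytes%s  %s  attachments=%s"
              % (d["action"], d["size"], flag, d["subject"], d["attachments"]))
```

Hooking this up to a real mailbox means fetching headers and sizes over POP3 or IMAP (the browser-based Mail2Web step in the post does the same thing by hand) and issuing the delete for every "delete" decision before the mail client ever downloads the bodies.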
28th Jul 2001, 06:11, #26, lame (guest)

Danny,

I agree with all you said, however even when you are expecting an email you must still be very careful.

I have only ever had three separate viruses reach my computer over the years, luckily all stopped by my McAfee ActiveShield before they did any harm.

One of them, several years ago now, was from a very reputable Hotel in Hong Kong. I had sent them an email asking for some details of the Hotel for a planned trip. When I received an email reply, with attachment, the next day I went to download the attachment, as I had asked for this information, and Activeshield warned me NOT to as it was infected.

So even an email that you are expecting, from a reputable source, can still be trouble.......

Best regards,

"lame"
 
28th Jul 2001, 13:30, #27 (Chief PPRuNe Pilot)

Better still... get a Mac and you can't get infected with all those crappy PC viruses.

If you write to anyone requesting information tell them not to send it as an attachment but just type the details into the email. So much easier and less risky.

Anyone who buys a PC and runs any Microsoft software, including Windoze XX deserves everything they get. Anyone with a teeny bit of originality will go for something that isn't bog standard Microcrap and won't suffer the consequences of a second rate operating system and the multitudes of viruses and worms that are written every day by spotty oiks. It never ceases to amaze me how many people buy a PC running MS crapware just because everybody else does. Like lambs to the slaughter!

Off soapbox!
Capt PPRuNe
28th Jul 2001, 13:43, #28 (Don Quixote Impersonator)

Does this mean you don't like MS crapware then
gaunty
28th Jul 2001, 18:42, #29 (Per Ardua ad Astraeus)

It's obvious he does, really, he just doesn't want to seem too keen!

[ 28 July 2001: Message edited by: BOAC ]
BOAC
28th Jul 2001, 23:58, #30, lame (guest)

Don't hold back Danny........

Have taken your advice, just been down the road and bought a Big Mac, also some French Fries and a Coke.

Now I am safe?

 
29th Jul 2001, 00:09, #31 (Per Ardua ad Astraeus)

Hey Lame, I hope you left some of the Big Macs for the rest of us, 'cos when the rush starts..............
BOAC
29th Jul 2001, 01:46, #32

Lame - have you checked the constituents of your Mac? You and BOAC should check the "Macdonalds, Fries and Mice" thread on page 2 of Jetblast BEFORE tucking in. I don't recommend it afterwards.

[ 28 July 2001: Message edited by: DX Wombat ]
DX Wombat
29th Jul 2001, 02:55, #33

Norton found this one yesterday when I downloaded my email. It is #2 on the threat list behind Sircam. It sends messages to your unread mail.

W32.Badtrans.13312@mm
Discovered on: April 11, 2001
Last Updated on: June 21, 2001 at 07:40:49 AM PDT
Due to an increase in the number of submissions, W32.Badtrans.13312@mm has been upgraded to a Category 4 threat. It is a MAPI worm that replies to all unread messages in your email message folders and drops a backdoor Trojan.
Also Known As: W32/Badtrans-A, W32/Badtrans@MM, BadTrans, IWorm_Badtrans, I-Worm.Badtrans, TROJ_BADTRANS.A
Category: Worm

Payload:
Large scale e-mailing: It replies to all unread messages in the message folders within the default MAPI email program.
Compromises security settings: It drops a backdoor Trojan.
Technical description:

When the worm is executed, it drops the backdoor Trojan Hkk32.exe into the \Windows folder and executes it. It then copies itself into the \Windows folder as inetd.exe, adds a run= line to the Win.ini file, and displays the following message: File data corrupt:
Probably due to bad data transmission or bad disk access.

The next time that the computer is restarted, the worm waits for five minutes and then uses MAPI to find all unread email messages and reply to all of them. The worm attaches itself to the message using one of the following file names:
Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr
Humor.TXT.pif
fun.pif
TR4A
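The writeup quoted above gives two host-side artifacts (a run= line added to Win.ini pointing at inetd.exe, and Hkk32.exe dropped into the Windows folder) and a list of attachment names that all end in .pif or .scr, most with a decoy document extension in front. The following is an added example, not code from the thread or from Symantec, of checking both indicators: a small Win.ini parser that reports run=/load= entries and flags the Badtrans one, and a filename classifier that separates plain executables from disguised ones. The two Win.ini fragments and the clean run= entry are constructed samples; the attachment names are the ones listed in the post.

```python
import ntpath

# Extensions Windows executes directly; .pif and .scr are the two the
# Badtrans list uses.
EXECUTABLE_EXTS = {"exe", "com", "bat", "cmd", "pif", "scr", "vbs", "js", "lnk"}
# Document-looking extensions a worm puts in front of the real one.
DECOY_EXTS = {"zip", "txt", "doc", "avi", "mp3", "jpg", "gif", "htm", "html", "pdf", "xls"}
# Files the writeup says the worm drops in the Windows folder.
BADTRANS_DROP_NAMES = {"inetd.exe", "hkk32.exe"}

# The attachment names from the Symantec list quoted above.
BADTRANS_ATTACHMENTS = [
    "Pics.ZIP.scr", "images.pif", "README.TXT.pif", "New_Napster_Site.DOC.scr",
    "news_doc.scr", "hamster.ZIP.scr", "YOU_are_FAT!.TXT.pif", "searchURL.scr",
    "SETUP.pif", "Card.pif", "Me_nude.AVI.pif", "Sorry_about_yesterday.DOC.pif",
    "s3msong.MP3.pif", "docs.scr", "Humor.TXT.pif", "fun.pif",
]

# Constructed Win.ini fragments (not from a real machine). The run= line in
# the first is the one the writeup says the worm adds; the second carries an
# unrelated, assumed-legitimate run= entry so the check has something to pass.
INFECTED_WIN_INI = r"""
[windows]
load=
run=C:\WINDOWS\inetd.exe
NullPort=None
[fonts]
"""
CLEAN_WIN_INI = r"""
[windows]
load=
run=C:\Tools\backup.exe
[fonts]
"""


def classify_attachment_name(name):
    """Return 'disguised executable', 'executable', or 'not executable'."""
    parts = name.lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "not executable"
    # Something like README.TXT.pif: a decoy extension hides the real one.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "disguised executable"
    return "executable"


def find_run_entries(win_ini_text):
    """Return (key, value) for non-empty run=/load= lines in the [windows] section."""
    section = None
    entries = []
    for line in win_ini_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(";"):
            continue
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
            continue
        if section == "windows" and "=" in stripped:
            key, value = (s.strip() for s in stripped.split("=", 1))
            if key.lower() in ("run", "load") and value:
                entries.append((key.lower(), value))
    return entries


def badtrans_run_entries(win_ini_text):
    """Subset of run=/load= values whose file name matches a Badtrans drop name."""
    return [
        value for _key, value in find_run_entries(win_ini_text)
        if ntpath.basename(value).lower() in BADTRANS_DROP_NAMES
    ]


if __name__ == "__main__":
    for name in BADTRANS_ATTACHMENTS:
        print("%-32s %s" % (name, classify_attachment_name(name)))
    print("infected win.ini ->", badtrans_run_entries(INFECTED_WIN_INI))
    print("clean win.ini    ->", badtrans_run_entries(CLEAN_WIN_INI))
```

Any run=/load= entry in Win.ini is worth a look on a machine of that era, since it is a persistence point with no prompt; the name match only picks out the one the writeup describes. The filename classifier is the more general of the two checks and applies just as well to the SirCam mails discussed earlier in the thread.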
29th Jul 2001, 03:15, #34, lame (guest)

McAfee have this listed too, it is as you said a fairly old one, found on 11-4-2001, originating, they say, from New Zealand. They have it as a medium risk, nothing like as bad as Sircam.

Only W32/Parrot@MM is newer than Sircam, and it is low risk so far.
 
29th Jul 2001, 15:42, #35 (Per Ardua ad Astraeus)

So, Wombat, you are saying that Macs come with a mouse?
BOAC
29th Jul 2001, 15:54, #36

Apparently one did and it WAS the furry, deceased variety not a useful bit of computer equipment. Wish I could remember where I read about it.
DX Wombat
31st Jul 2001, 06:13, #37, lame (guest)

Following is latest from Microsoft on Code Red............

The Microsoft Security Response Center, along with other
organizations listed below, is jointly publishing this alert that
ALL IIS ADMINISTRATORS ARE ASKED TO READ

A Very Real and Present Threat to the Internet:
July 31 Deadline For Action

Summary:

The Code Red Worm and mutations of the worm pose a
continued and serious threat to Internet users. Immediate action
is required to combat this threat. Users who have deployed
software that is vulnerable to the worm (Microsoft IIS
Versions 4.0 and 5.0) must install, if they have not done so
already, a vital security patch.

How Big Is The Problem?

On July 19, the Code Red worm infected more than 250,000 systems
in just 9 hours. The worm scans the Internet, identifies
vulnerable systems, and infects these systems by installing
itself. Each newly installed worm joins all the others causing
the rate of scanning to grow rapidly. This uncontrolled growth
in scanning directly decreases the speed of the Internet and
can cause sporadic but widespread outages among all types of
systems. Code Red is likely to start spreading again on
July 31st, 2001 8:00 PM EDT and has mutated so that it may be
even more dangerous. This spread has the potential to disrupt
business and personal use of the Internet for applications such
as electronic commerce, email and entertainment.

Who Must Act?

Every organization or person who has Windows NT or Windows 2000
systems AND the IIS web server software may be vulnerable.
IIS is installed automatically for many applications. If you
are not certain, follow the instructions attached to determine
whether you are running IIS 4.0 or 5.0. If you are using
Windows 95, Windows 98, or Windows Me, there is no action that
you need to take in response to this alert.

What To Do If You Are Vulnerable?

a. To rid your machine of the current worm, reboot your computer.
b. To protect your system from re-infection:
Install Microsoft's patch for the Code Red vulnerability problem:

- - Windows NT version 4.0:
http://www.microsoft.com/Downloads/R...eleaseID=30833

- - Windows 2000 Professional, Server and Advanced Server:
http://www.microsoft.com/Downloads/R...eleaseID=30800

Step-by-step instructions for these actions are posted at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/topics/codeptch.asp

Microsoft's description of the patch and its installation,
and the vulnerability it addresses is posted at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp

Because of the importance of this threat, this alert is
being made jointly by:

Microsoft
The National Infrastructure Protection Center
Federal Computer Incident Response Center (FedCIRC)
Information Technology Association of America (ITAA)
CERT Coordination Center
SANS Institute
Internet Security Systems
Internet Security Alliance

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBO2Wpgo0ZSRQxA/UrAQFQeQgAgmva53MJdjGF4u4oFXcAJICgf+1YTd1n
IJ7XIPPjTFkc5/8Fqe0lbFY7ZeBNAvGGI276RPkebmTz1WAJ08MNe9uvMJAuyULw
nOU8sMIO7S0Z5Z65/UYow0ui2qLVdmioqf809RAydHPdj1GINU0yDNS1HwwfjZia
0wBN+GjyjbdMU6bgMadoMdRgvCwdx2Jzr8ExAnFeNtLxRjwct3mv23bCrln1h80I
4awW0GPPd5iFzLIZX+QVh9/qkPdYm3SD1e8rs8GK69dub1AsVoKdXea+EHb3YckO
9XfuZdhxy6I+PnZJ8woSSNqtuZ2zKuS+q4kdPt0Abh0ToCbR4jK91A==
=a2a5
-----END PGP SIGNATURE-----
 
31st Jul 2001, 11:55, #38 (Dir. PPRuNe Line Service)

The PPRuNe server doesn't use a Microsoft operating system. If I installed any Microsoft software on it Danny would ask me to attend a "tea and biscuits" meeting...

[ 31 July 2001: Message edited by: PPRuNe Dispatcher ]
PPRuNe Dispatcher
31st Jul 2001, 20:12, #39, PPRuNe Pop (guest)

It is worth noting that this virus does NOT affect Win95, Win98 or WinMe.
 
31st Jul 2001, 20:30, #40 (Chief PPRuNe Pilot)

Wanna bet there won't be a derivative of the virus that will infect ANY Microcrap OS within a very short period?

Anyone using ANY software produced by 'The Dark Side' will inevitably get attacked at regular intervals. They provide so many weak points in their software that hackers and other evildoers can't resist the chaos they can cause because of the vast majority of sheeplike followers of their operating system who never realised that there have always been better alternatives out there.

Code Red may not infect Windoze 95, 98 or whatever but the Sircam virus does and I strongly advise anyone who hasn't checked yet to do so immediately as it is an extremely painful virus to deal with. I am currently receiving over 50 a day. I have to log into my mailbox with a browser and delete the damn things before I launch my email software and download the rest of my messages.

I don't open the attachments but some of you have got some bizarre tastes judging by the names on some of those files!
Capt PPRuNe

