Anabolics
Search More Than 6,000,000 Posts
Results 1 to 9 of 9
  1. #1
    Yung Wun is offline Member
    Join Date
    Apr 2002
    Location
    In The Chocolate Factory
    Posts
    698

    Exclamation New Virus Warning!!!!!!!! Read!!!

    gott this from Vman at Nexus

    i've gott shyt loads of emails, which means its gotta sum of my friends.
    this virus spreads through the address book, so your friends could be sending u it.

    Warning: New Internet Virus Variants

    In case you aren't aware, currently there are two rapidly spreading Internet viruses.

    The most dangerous one is called Sobig.F. It is a mass-mailing worm that will hack your email and sent itself out to others in your email address book. Use caution when opening email attachments that match any of the below characteristics until you have updated your anti-virus software.

    The second is Nachi.worm or Welchia.worm. This worm exploits the same port as the Blast worm that many here experienced which caused a reboot. This exploit will find systems still infected with the Blast worm, download the patch from M$FT and cause a system reboot.

    I highly recommend all Windows users update their anti-virus software immediately to protect against Sobig.F in particular. Mac OS 9 & X and Linux are not vulnerable to either exploit. The following is a description of both and the locations on Symantec for Norton users and Network Associates for McAfee users:

    Sobig.F:

    Systems Affected:
    Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

    Virus Characteristics:
    This detection is for a new variant of W32/Sobig. In common with previous variants, the worm is written in MSVC, and bears the following characteristics: propagates via email, constructing outgoing messages with its own SMTP engine, propagates over network shares (not confirmed in testing yet)

    Mail Propagation
    The worm mails itself to email addresses harvested from the victim machine, using its own SMTP engine to construct outgoing messages. Target email addresses are harvested from files with the following extensions:
    DBX
    HLP
    MHT
    WAB
    EML
    TXT
    HTM
    HTML
    Outgoing messages are constructed as follows:
    Subject:
    Your details
    Thank you!
    Re: Thank you!
    Re: Details
    Re: Re: My details
    Re: Approved
    Re: Your application
    Re: Wicked screensaver
    Re: That movie
    Attachment:
    your_document.pif
    document_all.pif
    thank_you.pif
    your_details.pif
    details.pif
    document_9446.pif
    application.pif
    wicked_scr.scr
    movie0045.pif


    Body:
    See the attached file for details
    Please see the attached file for details

    The "From:" address may be spoofed with an address extracted from the victim machine. Therefore the perceived sender is most likely not a pointer to the infected user.

    Welchia/Nachi.worm:

    Systems Affected:
    Windows 2000, Windows XP
    This detection is for another virus that exploits the MS03-026 vulnerability. In addition to exploiting this RPC DCOM vulnerability, the virus also attempts to exploit an NTDLL.DLL vulnerability (MS03-007) via WebDav.It is not related to the W32/Lovsan.worm.d variant.
    Intentions of the worm: This worm spreads by exploiting a hole in Microsoft Windows. It instructs a remote target system to download and execute the worm from the infected host. Once running, the worm terminates and deletes the W32/Lovsan.worm.a process and applies the Microsoft patch to prevent other threats from infecting the system through the same hole. When the system clock reaches Jan 1, 2004, the worm will delete itself upon execution. The worm also looks for and removes W32/Lovsan.worm.a from an infected system. It achieves this by targeting MSBLAST.EXE. (The process is terminated if running on the victim machine.) NB: The Registry hook employed by MSBLAST.EXE is not removed by the worm.

    Norton/Symantec URL for Sobig.F: http://securityresponse.symantec.co...sobig.f@mm.html
    Welchia/Nachi: http://securityresponse.symantec.co...lchia.worm.html

    Network Associates/McAfee URL for Sobig.F: http://vil.nai.com/vil/content/v_100561.htm
    Welchia/Nachi: http://vil.nai.com/vil/content/v_100559.htm

  2. #2
    someday's Avatar
    someday is offline Member
    Join Date
    Jul 2003
    Posts
    671
    Fuck man i got that shit today.....i got like 50 or 60 emails all with attachments.....damn.

  3. #3
    Yung Wun is offline Member
    Join Date
    Apr 2002
    Location
    In The Chocolate Factory
    Posts
    698
    i've been getting sum every half an hour, its friggin brutal

  4. #4
    Join Date
    Oct 2002
    Location
    Canada
    Posts
    5,896
    You know it's funny...

    I've never used MS Outlook for my email. Ever.

    I've been using Eudora since the days of win 3.1 and have never ever been affected by one of those so called "email viruses" (which are really scripts exploiting Microsoft flaws). Oh I still receive them, but Eudora will NOT run them nor will it be tricked into doing so by some internal programming flaw MS style.

    Stop using MS Outlook or Outlook Express for email and usenet, use a non MS program like Eudora Pro for email or Forté Agent for usenet and your computer will love you for it.

    Red

  5. #5
    arthurb999's Avatar
    arthurb999 is offline Anabolic Member
    Join Date
    Aug 2001
    Location
    USA
    Posts
    2,715
    I got like 20 email today. Keep on deleting them and deleting you "deleted" folder.

  6. #6
    Terinox's Avatar
    Terinox is offline The One & Only
    Join Date
    Nov 2001
    Location
    Canada
    Posts
    5,013
    Quote Originally Posted by Red Ketchup
    You know it's funny...

    I've never used MS Outlook for my email. Ever.

    I've been using Eudora since the days of win 3.1 and have never ever been affected by one of those so called "email viruses" (which are really scripts exploiting Microsoft flaws). Oh I still receive them, but Eudora will NOT run them nor will it be tricked into doing so by some internal programming flaw MS style.

    Stop using MS Outlook or Outlook Express for email and usenet, use a non MS program like Eudora Pro for email or Forté Agent for usenet and your computer will love you for it.

    Red
    AMEN BROTHER! Eudora is da shit! I've also used one called "Pegasus Mail" also a good program! However, I just stick with hotmail or other things, and NEVER accept a file, from no one, even if you KNOW the person. Only time you accept a file is when the PERSON TELLS YOU that they are gonna be sending you a certain file, and so and so.

  7. #7
    G Child's Avatar
    G Child is offline Anabolic Member
    Join Date
    Nov 2001
    Location
    Some kind of padded room...wearing some kinda white jacket...can't move...help!
    Posts
    2,572
    Got that dang virus from Kazaa! Anyone know any good ftp PM me

  8. #8
    wrstlr69sdnl's Avatar
    wrstlr69sdnl is offline Senior Member
    Join Date
    Oct 2002
    Location
    California
    Posts
    1,820
    Thanks bro I just got a pop up from the mcafee program about that

  9. #9
    Yung Wun is offline Member
    Join Date
    Apr 2002
    Location
    In The Chocolate Factory
    Posts
    698
    bump

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •