New Virus Warning!!!!!!!! Read!!!

**Yung Wun** · 08-19-2003, 05:47 PM

gott this from Vman at Nexus

i've gott shyt loads of emails, which means its gotta sum of my friends.
this virus spreads through the address book, so your friends could be sending u it.

Warning: New Internet Virus Variants

In case you aren't aware, currently there are two rapidly spreading Internet viruses.

The most dangerous one is called Sobig.F. It is a mass-mailing worm that will hack your email and sent itself out to others in your email address book. Use caution when opening email attachments that match any of the below characteristics until you have updated your anti-virus software.

The second is Nachi.worm or Welchia.worm. This worm exploits the same port as the Blast worm that many here experienced which caused a reboot. This exploit will find systems still infected with the Blast worm, download the patch from M$FT and cause a system reboot.

I highly recommend all Windows users update their anti-virus software immediately to protect against Sobig.F in particular. Mac OS 9 & X and Linux are not vulnerable to either exploit. The following is a description of both and the locations on Symantec for Norton users and Network Associates for McAfee users:

Sobig.F:

Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Virus Characteristics:
This detection is for a new variant of W32/Sobig. In common with previous variants, the worm is written in MSVC, and bears the following characteristics: propagates via email, constructing outgoing messages with its own SMTP engine, propagates over network shares (not confirmed in testing yet)

Mail Propagation
The worm mails itself to email addresses harvested from the victim machine, using its own SMTP engine to construct outgoing messages. Target email addresses are harvested from files with the following extensions:
DBX
HLP
MHT
WAB
EML
TXT
HTM
HTML
Outgoing messages are constructed as follows:
Subject:
Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

Body:
See the attached file for details
Please see the attached file for details

The "From:" address may be spoofed with an address extracted from the victim machine. Therefore the perceived sender is most likely not a pointer to the infected user.

Welchia/Nachi.worm:

Systems Affected:
Windows 2000, Windows XP
This detection is for another virus that exploits the MS03-026 vulnerability. In addition to exploiting this RPC DCOM vulnerability, the virus also attempts to exploit an NTDLL.DLL vulnerability (MS03-007) via WebDav.It is not related to the W32/Lovsan.worm.d variant.
Intentions of the worm: This worm spreads by exploiting a hole in Microsoft Windows. It instructs a remote target system to download and execute the worm from the infected host. Once running, the worm terminates and deletes the W32/Lovsan.worm.a process and applies the Microsoft patch to prevent other threats from infecting the system through the same hole. When the system clock reaches Jan 1, 2004, the worm will delete itself upon execution. The worm also looks for and removes W32/Lovsan.worm.a from an infected system. It achieves this by targeting MSBLAST.EXE. (The process is terminated if running on the victim machine.) NB: The Registry hook employed by MSBLAST.EXE is not removed by the worm.

Norton/Symantec URL for Sobig.F: http://[email protected]
Welchia/Nachi: http://securityresponse.symantec.co...lchia.worm.html

Network Associates/McAfee URL for Sobig.F: http://vil.nai.com/vil/content/v_100561.htm
Welchia/Nachi: http://vil.nai.com/vil/content/v_100559.htm

**someday** · 08-19-2003, 05:56 PM

Fuck man i got that shit today.....i got like 50 or 60 emails all with attachments.....damn.

**Yung Wun** · 08-19-2003, 05:59 PM

i've been getting sum every half an hour, its friggin brutal

**Red Ketchup** · 08-19-2003, 06:14 PM

You know it's funny...

I've never used MS Outlook for my email. Ever.

I've been using Eudora since the days of win 3.1 and have never ever been affected by one of those so called "email viruses" (which are really scripts exploiting Microsoft flaws). Oh I still receive them, but Eudora will NOT run them nor will it be tricked into doing so by some internal programming flaw MS style.

Stop using MS Outlook or Outlook Express for email and usenet, use a non MS program like Eudora Pro for email or Forté Agent for usenet and your computer will love you for it.

Red

**arthurb999** · 08-19-2003, 06:31 PM

I got like 20 email today. Keep on deleting them and deleting you "deleted" folder.

**Terinox** · 08-19-2003, 06:32 PM

Originally Posted by Red Ketchup

You know it's funny...

I've never used MS Outlook for my email. Ever.

I've been using Eudora since the days of win 3.1 and have never ever been affected by one of those so called "email viruses" (which are really scripts exploiting Microsoft flaws). Oh I still receive them, but Eudora will NOT run them nor will it be tricked into doing so by some internal programming flaw MS style.

Stop using MS Outlook or Outlook Express for email and usenet, use a non MS program like Eudora Pro for email or Forté Agent for usenet and your computer will love you for it.

Red

AMEN BROTHER! Eudora is da shit! I've also used one called "Pegasus Mail" also a good program! However, I just stick with hotmail or other things, and NEVER accept a file, from no one, even if you KNOW the person. Only time you accept a file is when the PERSON TELLS YOU that they are gonna be sending you a certain file, and so and so.