Viruses & worms


More Power
08-23-2003, 11:56
During this past week, the W32/Sobig.F@mm worm and another related bug have been clogging the internet by replicating itself millions of times.

The sobig worm roots through an infected computer's Microsoft email address book and replicates itself by sending a copy to everyone found in the address book. One "feature" of this bug is that it alters the "From:" field, so each successive recipient thinks it came from someone other than the owner of the originally infected computer.

Many ISPs have added bug detection to their incoming mail server, and will trap out most but not all bugs.

The troublemakers are taking advantage of the popularity of MS Outlook and other MS mail services to wreak their havoc. If I had just one recommendation to make, it would be to not use Outlook or any other MS email software. Additionally, I would recommend that whatever email program you use is set to run in ASCII mode, and not display HTML. Enabling HTML makes your computer vulnerable to bad bugs that can be launched when opening email with HTML (or Java or CGI scripts) enabled. Having the fewest possible features enabled in your email program will produce a safer computer environment.

MP

[ 08-23-2003, 02:40 PM: Message edited by: More Power ]
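
An added illustration of the forged "From:" point in the post above (not part of the original thread): the "From:" line is written by the sending machine, while the topmost "Received:" line stamped by your own mail server records the IP address that actually connected. The sample message, the server name `mx.myisp.example`, and the Postfix-style "Received:" layout are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every name and address is made up (documentation IP
# ranges). The second Received: line was supplied by the sending machine and
# is no more trustworthy than From:.
SAMPLE = """\
Received: from home-pc (unknown [203.0.113.45])
\tby mx.myisp.example with SMTP id ABC123
\tfor <me@myisp.example>; Sat, 23 Aug 2003 11:40:02 -0400
Received: from mail.friend.example ([198.51.100.7])
\tby home-pc; Sat, 23 Aug 2003 11:39:00 -0400
From: Alice <alice@friend.example>
To: me@myisp.example
Subject: hello

(body omitted)
"""

# Assumed layout: "from <helo> (<rdns> [<ip>]) by <server>"; other mail
# servers format this line differently.
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+([^\s;]+)")

def trace_sender(raw, my_servers):
    """Return the claimed From: address and the IP logged by a trusted server."""
    msg = message_from_string(raw)
    result = {"claimed_from": parseaddr(msg.get("From", ""))[1],
              "helo": None, "connecting_ip": None, "stamped_by": None}
    # Received: headers are prepended, so the first match is the newest hop.
    for hop in msg.get_all("Received", []):
        m = HOP.search(hop)
        # Only believe a hop that one of our own servers wrote.
        if m and m.group(3).lower() in my_servers:
            result.update(helo=m.group(1), connecting_ip=m.group(2),
                          stamped_by=m.group(3).lower())
            break
    return result

if __name__ == "__main__":
    info = trace_sender(SAMPLE, {"mx.myisp.example"})
    print("From: claims      ", info["claimed_from"])
    print("Actually sent from", info["connecting_ip"], "via", info["stamped_by"])
```
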

hoot
08-23-2003, 12:07
Thanks MP...

I'm a Netscape 7.1 browser and email program user. I have been getting loads of emails with attachments. I delete them but I don't know why lately Norton Anti virus has not been picking these up.

LanduytG
08-23-2003, 14:39
Hoot
Same thing has been happening to me. I even went to the Norton site and downloaded the program that is supposed to take care of the worm but it says nothing found.

Greg

Sneaks
08-23-2003, 15:06
Thanks to Qualcomm, I use Eudora which is immune by virtue of being "Not Microsoft." McAfee, Norton et al are always a bit behind, but going without a good incoming email virus scanner is like towing with Hot Juice level 4 and no EGT gauges....

FirstDiesel
08-23-2003, 17:25
Hoot

I've been having the same problem with Norton on my work Laptop. Got so fed up I deleted it and installed a copy of PC-Cillin from TrendMicro.

www.trendmicro.com (http://www.trendmicro.com)

Check it out, they offer a free 30 day trial copy. As soon as I installed it the program found a worm virus on the computer that Norton had not only allowed to sneak in but didn't even know it was there.

No more Norton for me it's c**p

Sneaks
08-23-2003, 18:17
I've been having the same problem with Norton on my work Laptop. Got so fed up I deleted it and installed a copy of PC-Cillin from TrendMicro.
Trend Micro also provides the virus/worm definition files for the virus scanner in System Suite by V-Com as well as the incoming mail scanner. Far and away less troubling for the user and/or the techie who has to figure out what Symantec (Norton) or McAfee incompatibility is causing problems. http://www.v-com.com/product/ss_ind.html

hoot
08-24-2003, 06:34
Norton finally updated yesterday. It's now catching the worm.

FirstDiesel
08-24-2003, 13:02
Wow

Right on top of it, huh??? All last week I fought this thing on my laptop, not to mention the virus that was actually working on my unit that it didn't even see.

No more Norton for me; they are too far behind the curve these days.

hoot
08-25-2003, 10:37
I have never before seen such an onslaught of virus mailings...

I just received six in the last 20 minutes and I have been getting them at a faster and faster rate since a couple of days ago.

FirstDiesel
08-25-2003, 13:53
I'm on 3 different mailing lists so my address is in a lot of people's address books. I'm getting over 100 per day for the last week. This weekend it was close to 200 per day. At 100k per message it's a lot of download time. Thank goodness for cable but I've used all my "free" dialup time for the month for my work account. :(

People who write viruses and hack systems need to be punished harshly. (Death??) :D

One of my low volume email lists is taking over 3 hours to post messages since this virus started!! I can imagine what the impact on big businesses must be.

Sneaks
08-25-2003, 14:40
Spouse has her email address in several professional lists. She was forced to join Spamcop www.spamcop.net (http://www.spamcop.net) 14 months ago. Since then they have intercepted (and reported) 17,687 unsolicited emails yet a few still get through their filters as well. I've been a Spamcop member and have consistently reported spammers since its inception and I think I'm on every one of their "leave this (*&(^#@$ alone" list because out of 6 different email addresses I only get about 3 spam a day.

Occasionally, out of the blue, I'll get some carefully crafted message with either attached virus or not so nice code within the message. Thankfully those are also intercepted and quarantined. From the OUTBLAZE address in the header I know it's yet another spammer trying to retaliate.

Kinda disconcerting though.

DmaxMaverick
08-25-2003, 15:02
Good info on the sobig and viruses in general. Most viruses and worms going around nowadays are very similar in operation, and are originated from the same code, just altered a little.

Another really bad one going around now is the w32/blaster, aka: lovsan.worm. It is only effective on Windows NT, 2000, Server 2003 and XP. All other Windows versions are not vulnerable to it. It is not an email related worm. It is a "port attack" worm. If you are operating any of the affected OSes, and do not have a firewall running, you will get it just by being online and probably very quickly. With a firewall, it will get you, but will take longer. The main symptom is a message popping up that warns that an error has occurred, and Windows will shut down, with a countdown timer. The computer will then restart. Virus scanners can and do detect the worm, but unless a patch, provided by MS, is installed, the virus will continue to attack a system. The patch is a free download from MS, and easy to install by anyone. The patch needs to be installed whether you have it or not. It will permanently prevent the worm from attacking your system.

Microsoft's info on this can be found at: blaster info (http://www.microsoft.com/security/incident/blast.asp)

You can check your system to see if you have the worm running. Just open "Task Manager" (ctrl-alt-del in NT, XP, 2000, click on "Task Manager") and click on "processes". If "msblast.exe" is running, you have it. Get it removed and the patch installed immediately. If it is not running, you are not yet affected, and should install the patch immediately. The patch is now a normal install for Windows Automatic Update. The patch only installs the patch. It does not stop or remove the worm if it is currently running.

If more info is needed, post your email and I will contact you.

john8662
08-27-2003, 07:43
Salt on the wound...

Viruses and Worms are all I fight at work, the sobig and the blaster were a fun one with over 200 workstations to support, half firewalled (didn't get the blaster on firewalled computers). It's sure good though to come home to a real computer that doesn't get viruses (Mac!!).

rsbrx
08-27-2003, 15:40
Isn't it great to have a Mac! No virus or worm problems here. The only problem the pesky little web critters have caused for me is to slow the internet down a little. As far as spam I keep several e-mail addresses for different purposes, one for commercial stuff and don't really get that many especially at the address that is only given out to friends and family. I use hotmail for commercial stuff and use the address block feature liberally and that seems to hold a lot of it down.

LanduytG
08-27-2003, 20:08
I just found out that Norton stinks. I had the latest update but it did not find the virus that PC cillin did.

Greg

FirstDiesel
08-28-2003, 18:55
Join the club

Norton stinks and on top of that it really only updates about once per week.

On my other list the Norton drones are falling all over themselves defending this product whose time has come and gone. Anyone using Norton is taking a big risk at getting infected every time a new variant of some virus appears.

PC-Cillin found a virus on my laptop that Norton not only failed to stop from downloading but was allowing it to run and didn't even know it was there!

john8662
09-03-2003, 09:50
Speaking of Norton AV. Most of the problems with Norton involve the use of an OLD client. For example using the same software that came with your PC and then just purchasing the virus definition subscriptions. The antivirus definitions will be up to date and could detect the virus, but the older client software used might not be fully capable of detecting certain viruses regardless of the definitions found. So as a recommendation, get a New version of the AV software @ least once a year maybe more. True fact, Norton will not stop you from downloading a virus, especially with all the different makes of email clients out there (I think MS Outlook is one that IS supported by Norton). I truly doubt that any AV client is going to prevent the downloading of a virus, unless specifically compatible and configured with the downloading program or email client used. But, once a virus is detected Norton usually notifies that it has been quarantined. Another bad thing about viruses is that most of them as a first method of defence on the infected host computer will disable ANY AV software found anyways, so either way, you're going to get to re-install defunct AV software at some point in time. As far as updating once a week, I think it is sufficient in my opinion, but once a bad strain of a virus comes out, there are different "revisions" out of the definitions, even though the date may look to be the once per week date. I personally use Norton Corporate edition at work and prefer it.

FirstDiesel
09-03-2003, 17:34
Latest and greatest Norton Client. Latest virus files downloaded. Result viruses on the computer.

Yes, no antivirus program will stop the virus email from being downloaded but when it is downloaded it would be nice if the program found it and quarantined it.

As for not having the latest client (engine) and once per week downloads??? HUH??? The antivirus program I use, PC-Cillin, downloads at least daily sometimes more than once a day. And it updates the engine every time they make a change to it too. Norton might have been fine in the past but they are way behind the times.

On my other list there is someone who did a test of antivirus programs for work. He had hundreds of different virus files available for testing. His findings?? Norton was not even in the top 50% of catching the viruses.