corsasport.co.uk
 

Corsa Sport » Message Board » General Chat » Latest Virus Scam...


New Topic

New Poll
  Subscribe | Add to Favourites

You are not logged in and may not post or reply to messages. Please log in or create a new account or mail us about fixing an existing one - register@corsasport.co.uk

There are also many more features available when you are logged in such as private messages, buddy list, location services, post search and more.


Author Latest Virus Scam...
Bart
Member

Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
25th Sep 03 at 07:10   View User's Profile U2U Member Reply With Quote

Sorry if this has been mentioned before i aint been on here for a few days.

The latest virus scam is an email being passed around pretending to be Microsoft with an attachment claiming you 'must update windows' for security reasons.

Attached is a file roughly 300kb, im not sure what the file does i believe its a trojan.



Of course Microsoft never send out file updates with their emails but this does look convincing as all the links etc link to the microsoft site as well.

Just thought id let ya all know

[Edited on 09-06-2003 by Bart]

[Edited on 09-06-2003 by Bart]

[Edited on 09-06-2003 by Bart]
Bart
Member

Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
25th Sep 03 at 07:35   View User's Profile U2U Member Reply With Quote

AusCERT Update AU-2003.015 - New email virus/worm "Swen" masquerades as
Microsoft Update
19 September 2003

Users and system administrators should be aware of a new mass-mailer worm
that purports to be the "September 2003, Cumulative Patch" for MS Internet
Explorer, MS Outlook and MS Outlook Express. The worm arrives as an
attachment with a .exe extension. In addition to email vectors, Swen will
attempt to spread through file-sharing networks and will attempt disable
antivirus programs and personal firewall programs on an infected computer.

This particular executable may be detected by anti-virus systems as the
W32/Gibe-F virus. It may also arrive in an email message appearing to be
a qmail delivery failure notice.

Some email subject lines that Swen may use are:

New Internet Security Update
net security upgrade
New Net Critical Update
Mail: User unknown

REFERENCES:

[1] Protecting your computer from malicious code
http://www.auscert.org.au/render.html?it=3352

[2] Information on Bogus Microsoft Security Bulletin E-mails
http://www.microsoft.com/technet/security/news/patch_hoax.asp

[3] F-Secure Virus Descriptions
http://www.europe.f-secure.com/v-descs/swen.shtml

[4] Symantec Security Response - W32.Swen.A@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

[5] Computer Associates Virus - Win32.Swen.A
http://www3.ca.com/virusinfo/virus.aspx?ID=36939

[6] McAfee Security
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100662

[7] Trend Micro
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWEN.A&VSect=T

[8] Sophos virus analysis: W32/Gibe-F
http://www.sophos.com/virusinfo/analyses/w32gibef.html

[9] MessageLabs
http://www.messagelabs.com/viruseye/info/default.asp?virusname=W32%2FGibe%2EE%2Dmm

When possible, upgrade all anti-virus software to use the latest definition
files as soon as they become available.

Ensure that all network file shares are disabled unless necessary and if
possible ensure that active shares are password protected.

AusCERT advises members to disseminate and take action on this information
to prevent any undesirable activity by this virus within their sites. Users
should be again reminded that unsolicited attachments should not be opened.

Regards,

The AusCERT Team


 
New Topic

New Poll

Corsa Sport » Message Board » General Chat » Latest Virus Scam... 23 database queries in 0.0097868 seconds