05-30-2005, 03:06 PM   #1
Larwee

Medium Risk Virus Alert

TrendLabs has issued a Medium Risk Virus Alert for WORM_MYTOB.AR. The full details are below.
Quote:
As of May 30, 2005 3:12 AM PST (PDT/GMT -7:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_MYTOB.AR. TrendLabs has received several infection reports indicating that this malware is spreading in Australia, China, Hong Kong, India, Japan, Korea, Philippines, Taiwan, United States.

The following is a brief summary of what this worm is capable of doing:

This memory-resident worm propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.

This email message has the following details:

Subject: (any of the following)
{Random**
*DETECTED* Online User Violation
*IMPORTANT* Please Validate Your Email Account
*IMPORTANT* Your Account Has Been Locked
*WARNING* Your Email Account Will Be Closed
Account Alert
Email Account Suspension
Important Notification
Notice of account limitation
Notice: **Last Warning**
Notice:***Your email account will be suspended***
Security measures
Your email account access is restricted
Your Email Account is Suspended For Security Reasons

Message body: (any of the following)
Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.
please look at attached document.
Please read the attached document and follow it's instructions.
Please see the attachement.
The original message has been included as an attachment.
To safeguard your email account from possible termination, please see the attached file.
To unblock your email account acces, please see the attachement.
We attached some important information regarding your account.
We have suspended some of your email services, to resolve the problem you should read the attached document.
We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

Attachment: (any combination of the following file names and extension names)

File name:

{random**
account-details
document
document_full
email-doc
email-info
information
info
info-text
instructions
your_details

Extension name:

EXE
PIF
SCR
ZIP

This worm also takes advantage of the LSASS vulnerability to propagate.

This worm also has backdoor capabilities. It comes with a built-in Internet Relay Chat (IRC) bot that allows it to connect to a specific IRC server. It then waits for commands from a remote user.

It also terminates processes, some of which are related to antivirus and security programs.

05-30-2005, 03:39 PM   #2
Bondings

I already got several of those emails. But unless I open the file, nothing can happen, I suppose.
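
A mail-filter check for the subject lines and attachment names listed in the alert quoted in post #1, as an added example that is not part of the thread or of TrendLabs' own tooling. The names `check_message` and `sample`, and the rule that a bare EXE/PIF/SCR attachment counts as a weaker signal, are assumptions; the test messages are constructed and carry placeholder bytes.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators copied from the TrendLabs alert quoted in this thread.
SUBJECTS = {s.lower() for s in (
    "*DETECTED* Online User Violation",
    "*IMPORTANT* Please Validate Your Email Account",
    "*IMPORTANT* Your Account Has Been Locked",
    "*WARNING* Your Email Account Will Be Closed",
    "Account Alert", "Email Account Suspension", "Important Notification",
    "Notice of account limitation", "Notice: **Last Warning**",
    "Notice:***Your email account will be suspended***", "Security measures",
    "Your email account access is restricted",
    "Your Email Account is Suspended For Security Reasons")}
NAMES = {"account-details", "document", "document_full", "email-doc",
         "email-info", "information", "info", "info-text", "instructions",
         "your_details"}
EXTS = {"exe", "pif", "scr", "zip"}

def check_message(raw):
    """Return the alert indicators matched by one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").strip().lower()
        stem, _, ext = fname.rpartition(".")
        if ext in EXTS and stem in NAMES:
            hits.append("listed-attachment:" + fname)
        elif ext in EXTS - {"zip"}:
            # Assumption: the alert also lists random names, so a bare
            # EXE/PIF/SCR attachment is reported as a weaker signal.
            hits.append("executable-attachment:" + fname)
    return hits

def sample(subject, filename=None):
    """Build a constructed test message (not a captured worm email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Please see the attachement.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(check_message(sample("Account Alert", "info.PIF")))
```

This covers only the email route with the fixed strings; the alert also lists random subjects and file names and propagation through the LSASS vulnerability, which a filter like this does not catch.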