Another computer virus alert

?

Please do a cut and paste.....for some reason it won't come up for me.
 
cut and paste

September 24, 2001

New 'War Vote' Virus Deletes Computer Files
By REUTERS



Filed at 6:48 p.m. ET

SAN FRANCISCO (Reuters) - Computer security experts on Monday warned of a new virus that deletes files while masquerading as a program that will allow people to vote on whether the United States should go to war over the Sept. 11 hijacker attacks.

The ``Vote Virus,'' which so far is not widespread, circulates via e-mail to users of Microsoft Corp.'s Outlook e-mail program, said Simon Perry, vice president of security solutions at Computer Associates International Inc. The virus, punctuated by strange grammar and a mix of lower- and upper-case letters, appears with the subject line: ``Peace between America and Islam!'' and the body of the e-mail reads: ``Hi. Is it a war against America or Islam!? Let's vote to live in peace!'' Perry and other experts said.

When the attachment entitled ``WTC.exe'' is opened, the virus tries to delete all the files on the computer's hard drive and sends copies of the e-mail to every address listed in the computer's address book, he said.

The virus also defaces any Web pages that are hosted by an infected computer to read: ``America ... few days will show you what we can do!!! It's our turn ))) ZaCker is so sorry for you,'' according to Perry.

In addition the virus, which is a worm because of its self-propagation capabilities, deletes the Windows directory files, tries to download a ``backdoor'' on the computer and unsuccessfully attempts to reformat the system, said Vincent Gullotto, senior research director of Network Associates Inc.'s (NETA.O) Antivirus Response Team. A ``backdoor'' would enable someone to get remote access to the computer without permission.

The virus also can delete antivirus software on the computer, according to Vincent Weafer, director of Symantec Corp.'s (SYMC.O) Antivirus Research Center.

SICK SENSE OF HUMOR

The virus is believed to be the work of an opportunist and not associated with the Sept. 11 jetliner attacks on the World Trade Center and Pentagon in which nearly 7,000 people are feared dead.

``There is no evidence that this is related to the people who carried out'' the attacks, Perry said.

Virus writers have discovered that they can easily dupe people into opening emails by appealing to their prurient interests.

For example, popular viruses have purported to be photos of naked women or love letters, like the ``I Love You'' virus that caused an estimated $8.7 billion in global damage last year.

Researchers are worried that the new, dangerous virus might spread quickly because of its supposed relation to the debate over U.S. retaliation for the attacks.

``We feel this is likely to get quite a high pickup in that a lot of people are going to click on this,'' Perry said. ``If the news about this doesn't get out before people get their e-mails, they're at risk.''

Perry said he expects there will be more socially engineered viruses related to the topic of war and terrorism.

``What this is, is a sick sense of humor,'' Perry said. ``Chances are this is not any kind of cyber-terrorism. It's just cyber terror.''

``If this was truly politically motivated there would have been more of a message some place in the code,'' noted Gullotto.

FEW INFECTIONS SO FAR

While Symantec and Network Associates reported only a couple of customer infections each, between five and 10 large corporate customers of Computer Associates have been infected since the virus first appeared on Monday morning, Perry said.

Researchers do not know where it originated from but it has not yet hit Europe and Asia, he said.

The software companies are working to update their antivirus programs to detect and protect computers against the new virus, researchers said.

A free security update for Outlook 2000 that was released about a year ago automatically blocks it, according to Microsoft spokesman Jim Desler.

``We find it appalling that someone would choose this time and these circumstances to propagate a virus,'' he said.
 
There are two ways people usually get infected with viruses:

1) They run executable content attached to emails.
2) They don't have the ActiveX/Back Orifice extensions turned off if they use Outlook for an email app.

#1 is just plain dumb, #2 can be dumb if you have a choice about what email app to use, or know how to turn off the extensions.

If you cruise porn sites, do not download any "viewers" from the sites; some are viruses that can do nasty things. One I have heard of charges your phone number for long distance (or to an overseas 9xx number) when online - bigtime scam.

I have been noticing lately a number of attempts to infect me have been showing up in my online email that I used for a contact when I posted my resume various places. Really stupid and obvious attempts, most seem to come from overseas (one today seemed to come from Africa) in the obvious form of an executable. I just delete them and block the address.

STG
 
This is a "Category 2" threat - meaning it is of low level concern - it is reasonably harmless and containable (of course, if you're infected you wouldn't consider it harmless - but it's all relative these days).

W32.Vote.A@mm is a mass-mailing worm that is written in Visual Basic. When executed, it will email itself out to all email addresses in the Microsoft Outlook address book. The worm will insert two .vbs files on the system, and it will also attempt to delete files from several antivirus products.

Subject of the email is "Fwd:peace BeTweeN AmeriCa and IsLaM!" - Attachment is "WTC.exe". Message in the body of the email is "HiiS iT A waR Against AmeriCa Or IsLaM !? Let's Vote To Live in Peace!"

The reason this is category 2 is that if you are running an antivirus program it will be detected. If you're not running an antivirus program... WHAT THE HELL IS WRONG WITH YOU? (*smile*)

REMOVAL INSTRUCTIONS:

1. Make sure that you have the most recent virus definitions for whatever antivirus program you are running

2. Start your antivirus program, and make sure that it is configured to scan all files.

3. Run a full system scan.

4. Delete all files that are detected as W32.Vote.A@mm. If the worm has run and your antivirus program is installed in C:\Program Files\, you should reinstall your antivirus program.

5. If the computer has been rebooted after the infection, or if the computer seems very unstable, then you need to reinstall the operating system.
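The indicators quoted in the post above (subject line, "WTC.exe" attachment) can be checked at the mail gateway before a message reaches Outlook. The following is an added example, not part of the original thread or any vendor's tooling; the extension list, function names and sample messages are constructed for illustration, and it quarantines on any executable attachment rather than only the known file name.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions treated as executable content (constructed, non-exhaustive list).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")
# Indicators quoted in the thread, compared case-insensitively.
KNOWN_SUBJECT = "peace between america and islam"
KNOWN_ATTACHMENT = "wtc.exe"


def inspect_message(raw: bytes) -> dict:
    """Report which of the thread's indicators a raw RFC 822 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).lower()
    # Collect attachment names from every MIME part, normalised to lower case.
    names = [
        part.get_filename().strip().lower()
        for part in msg.walk()
        if part.get_filename()
    ]
    # endswith() on the full name also catches double extensions (photo.jpg.scr).
    executables = [n for n in names if n.endswith(EXECUTABLE_EXTS)]
    return {
        "subject_match": KNOWN_SUBJECT in subject,
        "attachment_match": KNOWN_ATTACHMENT in names,
        "executables": executables,
        # Policy: hold any executable attachment, known name or not.
        "quarantine": bool(executables),
    }


def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Construct a test message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Constructed test body.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample("Fwd:peace BeTweeN AmeriCa and IsLaM!",
                          "WTC.exe", b"placeholder")
    print(inspect_message(sample))
```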
 
Shy Tall Guy said:


If you cruise porn sites, do not download any "viewers" from the sites; some are viruses that can do nasty things. One I have heard of charges your phone number for long distance (or to an overseas 9xx number) when online - bigtime scam.

STG

What if you use Cable modem or DSL? How would it get your phone number? Don't think it could?

and yes, you hit the nail on the head in your post.
 
Chuckus said:


What if you use Cable modem or DSL? How would it get your phone number? Don't think it could?
DSL, while not typically dial-up, is over a phone line. I don't have experience with DSL, but if you have your phone number in your Windoze settings (internet, fax, whatever) a native mode program can get to it via the registry, whether the DSL connection uses it or not. One reason why I don't enter my phone number anywhere in my settings.

STG
 
Shy Tall Guy said:
DSL, while not typically dial-up, is over a phone line. I don't have experience with DSL, but if you have your phone number in your Windoze settings (internet, fax, whatever) a native mode program can get to it via the registry, whether the DSL connection uses it or not. One reason why I don't enter my phone number anywhere in my settings.

STG

I agree with that. I don't put my phone number in anything that might go into the Registry.
 
Ok, the cut and paste request was from me. I didn't even notice I wasn't logged in earlier... I'm taking bets on there being a virus released called Osama Bin Laden!

Ok, who's willing to take that bet?
 