Watch out for the pictures containing virus/virii

Todd

Actually they are now being implanted with trojans.

The Win32.SubSeven.22.C trojan to be exact.

So just be on the lookout for what you download; pictures are not even safe anymore.

If you download from the newsgroups, it has mainly been in one file, suck.jpg. Good luck.

Some Info

Win32.SubSeven (Also known as Backdoor/SubSeven, Win32/SubSeven)
SubSeven is a trojan similar to Back Orifice. Unlike Back Orifice and NetBus, SubSeven does not claim to be a legitimate administration tool. These types of programs (sometimes called "Backdoors" or "Remote Access Trojans") consist of a trojan server and a client program. The server is usually received as an e-mail attachment which installs itself onto the system when run. It may display a fake error message in order to make it seem that the program failed to execute.

When installed, someone can use the client program to connect from another machine and control different parts of the system, ranging from opening and closing the CD drive to modifying the registry, uploading files, and rebooting. It can also take screen shots, monitor keystrokes, and steal passwords from the infected machine. The server can also be set up to send an ICQ, IRC or e-mail message to notify someone of the computer being open to attack.

Compared to earlier versions, SubSeven 22 has some new features like proxy support, extended notification capabilities, network sniffing, enhanced distributed denial of service attack (DDoS) capabilities and an open architecture, allowing the base functionality to be expanded by downloadable plugins.

Listed below are the versions of the SubSeven trojan that we detect:

Win32.SubSeven.20
Win32.SubSeven.21
Win32.SubSeven.21.asp
Win32.SubSeven.21.B
Win32.SubSeven.21.C
Win32.SubSeven.21.D
Win32.SubSeven.21.D.ldr
Win32.SubSeven.21.E
Win32.SubSeven.21.enc
Win32.SubSeven.21.G
Win32.SubSeven.21.H (also known as SubSeven.DEFCON)
Win32.SubSeven.213
Win32.SubSeven.214
Win32.SubSeven.22.A
Win32.SubSeven.22.B
Win32.SubSeven.22.C
 
Hey Todd, can you post a link to your information source? I'm curious and would like to read it. As far as I know, pictures (jpg, gif, bmp) do not carry viruses. Usually what the virus does is create a separate file with a second file extension, i.e. suck.jpg.VBS. The tricky part comes in the fact that IE and Outlook hide that second extension when they show the file name. I was always under the assumption that you had to have an executable file for a virus to get a foothold, files such as .vbs, .exe, .scr, .bat. If hackers have found a way to infect jpegs and such...
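The double-extension disguise described in the post above, turned into a check that can be run over a download folder. This is an added example, not part of the original thread; the extension list, the function names and the sample files are constructed assumptions.

```python
import os
import tempfile

# Extensions Windows runs or hands to a script host (assumed list).
EXECUTABLE_EXTS = {".vbs", ".exe", ".scr", ".bat", ".com", ".pif", ".cmd"}
# Leading magic bytes of the picture formats mentioned in the thread.
JPEG = (b"\xff\xd8\xff",)
IMAGE_MAGIC = {".jpg": JPEG, ".jpeg": JPEG,
               ".gif": (b"GIF87a", b"GIF89a"), ".bmp": (b"BM",)}

def classify(name, head):
    """Return findings for one file name and the first bytes of its content."""
    findings = []
    parts = name.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    inner = "." + parts[-2] if len(parts) == 3 else ""
    if ext in EXECUTABLE_EXTS and inner in IMAGE_MAGIC:
        findings.append("double-extension")  # e.g. suck.jpg.VBS
    # Picture extension, but the content does not start like that format.
    if ext in IMAGE_MAGIC and not head.startswith(IMAGE_MAGIC[ext]):
        findings.append("windows-executable" if head[:2] == b"MZ" else "not-an-image")
    return findings

def scan_dir(path):
    """Map each suspicious file name in `path` to its findings."""
    report = {}
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                findings = classify(name, fh.read(8))
            if findings:
                report[name] = findings
    return report

def demo():
    """Scan a constructed download folder (harmless placeholder contents)."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",  # genuine JPEG header
        "suck.jpg.VBS": b"' placeholder script\r\n",      # hidden second extension
        "suck.jpg": b"MZ\x90\x00\x03\x00\x00\x00",       # EXE header, .jpg name
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan_dir(d)

if __name__ == "__main__":
    print(demo())
```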
 
Well, I don't know how I got it, but my Norton picked up a "Trojan backdoor" today and caught it...


I did spend some time last night looking at some smut pics.
 
Was the smut from websites or from newsgroups Wizzie? If from newsgroups what do you use to browse them?
 
Pardon my skepticism, but I still don’t believe you can infect a picture. Given how fast the FBI released a warning of the last possible virus threat after Sept 11th, they would be all over this. If you could infect a jpg or gif and have a virus spread simply by viewing the file, the results to the internet would be cataclysmic.
 
Maybe I am missing something and his system is missing something, but if you want to give it a go and figure it out for me

alt.binaries.pictures.erotica.breasts.small
alt.fan.oskana-bayul.small-tits
alt.fan.oksana-bayul.small-tits
 
will check in a sec, seems you and I have similar tastes Todd. I subscribe to all of the newsgroups you mention :)
 
Neotragii said:
Was the smut from websites or from newsgroups Wizzie? If from newsgroups what do you use to browse them?



Websites... No newsgroups... not sure where it came from yet.

I know I caught it...
 
Neotragii said:
will check in a sec, seems you and I have similar tastes Todd. I subscribe to all of the newsgroups you mention :)

How's they say? More than a mouthful goes to waste :)
 
Possibly a hostile JavaScript? Would be my first guess if you didn't download any files.
 
Just might have been... I don't know, I just thought since I was on there last night it might have been that...
 
Can't find the offending file Todd. What was the title of the message header? Was it simply suck.jpg or was it one of those damn spam headers? I did a search for the last three months in a.b.p.b.s and a.f.o-b.s-t.
 
I haven't a clue what the header was.

I use pixnews 2000 to download.

I have it set for jpg only, nothing more, nothing less.

It won't even grab jpeg.

I only have a 36.6 modem, so I let it run while I sleep. Woke up to three messages of the trojan caught, once in each of the three newsgroups.

If I was normal and viewed as I download, or download as I viewed, I could help better. Sorry.
 
Oh well, it was worth trying. No need to be sorry. Thanks for trying Todd. Ohh btw, my apologies to some of the ladies, anything bigger than a mouthful is a waste.

The following message in no way reflects the opinion of the station management :)
 