New Computer Virus


STEVE IN MASS
05-19-2003, 12:24 PM
If ya haven't in the last 24 hours or so, update your A/V software definitions.....

(John, you're up on these things, so check it out, but I am pretty sure it's legit)

Just ran out to the store, and heard on the radio there is a new worm out there that hit New Zealand and Australia this past midnight and is going around...

While I didn't catch the whole report, this one is particularly sneaky for the unsuspecting, cause it's disguised as an E-mail from Microsoft as a Security Alert, and has an attached file you are supposed to execute as a patch....

Which is silly, cause Microsoft never sends out e-mails with an attached file as a patch, they do it thru their Web based Windows update alert...

But just for those that might be un-suspecting....

NilsC
05-19-2003, 12:33 PM
Is this the one that you heard about?

W32.HLLW.Mankx@mm (http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.mankx@mm.html)

Nils

JohnR
05-19-2003, 12:38 PM
Ahhh Steve - was hoping to NOT think IT for a few days :) ...

As a subtle systems tip, any of you out there with cable modems that do not run AV software AND do not have a firewall/NAT box are just asking for trouble...

Nils put up one of my favorite sites in the computers section the other day. www.GRC.com That site has a port scanner to run that will give you a good inkling on how (in)secure your PC is...

If you are one of those people that get weird POPUPs when you don't even have your browser running, you are in serious jeopardy of having your system compromised - cause they are already in!

Enough Public Service Announcements :bsod:

STEVE IN MASS
05-19-2003, 12:40 PM
Yep, I think so, it sure looks like it.....

But I've already downloaded the definition, so I'm all set.....

MakoMike
05-19-2003, 01:03 PM
John,
Is that true with a cable modem even if the machine itself is shut off?

JohnR
05-19-2003, 01:10 PM
If the machine is off it's not a problem while it's off. But if you are online for any length of time you'll get hit - just a matter of time, days, weeks, or a month.

Most everyone on cable systems belongs to ranges of IP addresses that are easy to figure out... Some machine(s) that have already been compromised will seek out new unprotected computers, slip a little dormant worm into it and activate it at a later date. Not sure how true this is but (something I saw on the net :doh: ) the funny thing is that they tend to look for home users as they are more likely to get in and less likely to be found.

I've changed firewall systems at home but my last one last year had numerous attempts every day in my logs. The last place I worked had numerous attempts too but no known intrusions... Although since I left, they may or may not know if an intrusion has taken place as nobody knows the system :doh:

jugstah
05-19-2003, 02:04 PM
I've been working in the IT industry for a few years now. What I can easily say is that you should not open any emails coming from an unknown source if you can help it. And if you are using Outlook98 or Outlook Express, you'll want to figure out how to tell it NOT to automatically open any attachments at all since that is how most viruses gain entry to your box.

Cable Modems can be left on all day and all night and not even bothered with. It's your PC that is the weak link. Cable Modems are only there to facilitate net traffic for the most part.

And I agree with JohnR about those who might not even have a browser open, and still get popups. This clearly indicates you have been infected and are in dire need of a system reinstall.

And BTW, owning an AV package like McAfee is highly recommended but be sure to configure it properly for maximum protection.

If anyone has questions, post them here.

LONG LIVE FREEBSD!

hooked
05-19-2003, 03:46 PM
Expect these emails to arrive repeatedly and with different subject lines.

I got the message Steve alerted us to yesterday.

I just got another one from support@microsoft.com with the subject of "Screensaver". The body of the message contained "All information is in the attached file." and it had an attachment named "password.pi".

Gone are the simple days of getting buried by emails about pills that make you lose weight, live forever, get bigger, get Russian mail order brides or reduce your interest payments.

JohnR
05-19-2003, 04:04 PM
Originally posted by hooked:
Gone are the simple days of getting buried by emails about pills that make you lose weight, live forever, get bigger, get Russian mail order brides or reduce your interest payments.

You mean I'm not the only one getting these :D ?

I personally like how Nikolas Arubuya from Nigeria found out how I am just the right guy to take advantage of a new method of making money because his sister's dog's veterinarian's kids' third-grade teacher is the daughter of a high ranking minister of New Technologies in the Nigerian Government - and they need ME to make it work :laughs:

jeffsod
05-22-2003, 11:22 AM
Thanks for the warning to watch out for e-mails with the sender 'support@microsoft.com' as one just arrived. We have a firewall and virus screening at the main server but this attachment somehow made it thru to me. Guess we have to look into why now.

On another note I am interested to know more about the 'pop ups' that appear when the browser is not running. Thinking back I recently had one do that at home. I have Norton AV. I would love to know more about this since I may have a reason to be concerned.

jugstah
05-22-2003, 11:32 AM
If you're concerned about how popups are coming up without your web browser open, try downloading a freeware program like ad-aware, get the latest version, and then install it and then run it and let it tell you what spyware crap you have on your box..

then let it clean that crap out...

jeffsod
05-22-2003, 11:38 AM
Thanks for the quick reply Jugstah! I will.

jugstah
05-22-2003, 11:43 AM
http://www.lavasoftusa.com/


Be sure to remember, sometimes it won't get 'em all.

If you find it being too persistent, eventually you'll want to reinstall your system. Because every day, those bastids are trying to outdo all the spyware-removal programs, and they're getting too good at it lately...


:af: :af:

BIGSWELL
05-22-2003, 12:10 PM
FYI,

We had a similar problem here as well. Most AV software picked up the threat before it did any damage but you may see the file come across with a .pi extension.

This extension is not picked up by most AV software since it is a truncated extension (it must have gotten f'd up somewhere). With this extension, it doesn't seem to be active.


Keep those definitions updated and block the .pi extension too!
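A mail-gateway style check for the indicators hooked and BIGSWELL describe above (a sender claiming to be Microsoft, an odd attachment, and a truncated ".pi" extension), written as an added example that is not part of the thread or any product mentioned in it. The sample message is constructed from the values quoted in the thread; treating ".pi" as a truncated ".pif" and the list of risky extensions are assumptions made here.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed list of extensions worth blocking at the gateway; ".pi" is kept
# because the thread reports it as a truncated extension (assumed ".pif").
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".pi"}
# Vendors that do not ship patches as e-mail attachments (per the thread).
SPOOFED_VENDOR_DOMAINS = {"microsoft.com"}

def attachment_names(msg):
    """Return the filenames of all attachments in a parsed message."""
    return [part.get_filename() for part in msg.iter_attachments()
            if part.get_filename()]

def check_message(raw):
    """Return the reasons a raw RFC 822 message looks like the fake patch mail."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    sender = (msg.get("From") or "").lower()
    sender_domain = sender.rsplit("@", 1)[-1].strip("<> ")
    names = attachment_names(msg)
    if sender_domain in SPOOFED_VENDOR_DOMAINS and names:
        # A vendor-looking sender carrying any attachment is the core tell.
        reasons.append(f"vendor-looking sender {sender_domain} with attachment")
    for name in names:
        dot = name.rfind(".")
        ext = name[dot:].lower() if dot >= 0 else ""
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"risky attachment {name}")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    if text.lower() == "all information is in the attached file.":
        reasons.append("boilerplate lure body")
    return reasons

def build_sample():
    """Constructed copy of the message hooked described (not a real capture)."""
    m = EmailMessage()
    m["From"] = "support@microsoft.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Screensaver"
    m.set_content("All information is in the attached file.")
    m.add_attachment(b"\x00constructed-placeholder-bytes\x00",
                     maintype="application", subtype="octet-stream",
                     filename="password.pi")
    return m.as_string()
```

Running `check_message(build_sample())` returns three reasons; a plain message from an ordinary sender with no attachment returns none.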

NilsC
05-22-2003, 01:42 PM
A lot of the popups are from so called free ware or more like it ad-ware. You download a utility or program like "Kazaa" (sp) or "Morpheus" (sp), and by installing them you agree to let them put files and/or adservers on your computer. In some instances you are sharing files and folders to the internet for others to download from (music, videos, etc.). Some of them have small utilities that let the internet know your computer is back on and online (tnkrbell.exe), others keep track of you on and off line (keystroke logging)....

This is just the tip of the iceberg.. as all IT people out there know. Be careful and stay away from free (adware), lavasoft is a GOOD company. If you have problems downloading from the usa site (asking for info etc) try the www.lavasoft.de site.

Nils

jugstah
05-22-2003, 02:00 PM
Gator is included as a bad program.

Gator is blasphemous!

Sure, it's nice that it remembers your passwords but if your PC craps the bed, are you going to be able to remember it? Nope.

Gator also sends you advertisements everywhere you go.