bad virus going around!!

big-n-italian

Enthusiast
Joined
Jul 17, 2004
Posts
8,547
Reaction score
0
Location
Central Illinois
i know that this is not viper related, but i want as many people to see this as possible. please be aware that there is a bad computer virus going around.

The virus is being identified as W32/Sober@MM!M681

It is essentially a SPAM virus, using email information from infected computers to replicate (spoof) sender and recipient information and produce large amounts of email.

The virus payload is carried in a .zip file attachment.

Due to the rapid rate of variances of this virus, you should be vigilant about opening ANY non-solicited, identifiable .zip files.

Below, you’ll find the common messages associated with this virus. Delete these immediately and do not preview them or open attachments:



Subject: hi, ive a new mail address
Body:
hey its me, my old address dont work at time. i dont know why?!
in the last days ive got some mails. i' think thaz your mails but im not sure!

plz read and check ...
cyaaaaaaa

Subject: Registration Confirmation
or
Subject: Your Password
Body: Account and Password Information are attached!

Subject: Paris Hilton & Nicole Richie
Body:
The Simple Life:

View Paris Hilton & Nicole Richie video clips , pictures & more ;)
Download is free until Jan, 2006!

Please use our Download manager.

Subject: You visit illegal websites
Body:
Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:
Please answer our questions!
The list of questions are attached.
Yours faithfully,
Steven Allison

++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505

++++ phone: (703) 482-0623
++++ 7:00 a.m. to 5:00 p.m., US Eastern time




Remember-

- Keep your virus protection software updated!

- Don’t assume that the sender who sent you an infected message is the source of the virus.

- If you think you might have been infected, you can access a free antivirus scanner at: http://www.download.com/Stinger/3000-2239_4-10352872.html?tag=lst-0-1
 

SRTJOE

Viper Owner
Joined
Jun 3, 2004
Posts
1,627
Reaction score
0
Thanks!!!! :2tu: WE have been getting pounded with these things for the last two days. :eek:
 
big-n-italian

Enthusiast
Joined
Jul 17, 2004
Posts
8,547
Reaction score
0
Location
Central Illinois
More info is coming out on this now.


'FBI-Paris Hilton' worm called the year's worst
Newest version of Sober virus generates millions of e-mails

It looks like an e-mail from the FBI, or a note promising pictures of Paris Hilton -- but some anti-virus companies are now calling it the most widespread computer virus outbreak of the year.

Sober-Y, the latest variation of a computer virus that was first released almost two years ago, surprised analysts Tuesday by gaining traction and rocketing millions of e-mails around the world.

MessageLabs, a software company that filters e-mails, said it had stopped three million copies of Sober-infected e-mails in the first 24 hours after the virus began circulating. Paul Wood, a senior analyst at MessageLabs, said that as of 5 p.m. ET, the firm was trapping 200,000 copies of the worm each hour.

"It's surprisingly bad," said Mikko Hypponen, a virus researcher at F-Secure.com. "In sheer amount of e-mails, it's larger than any outbreak of the year." On Tuesday afternoon, F-Secure raised its threat level for the virus to its most severe rating. Other anti-virus firms also raised their threat levels during the afternoon.

Sober has been successful, experts say, because it piggybacks on earlier versions of the virus that have already infected computers. Those computers -- perhaps tens of thousands around the world, according to Symantec's Alfred Huger -- form a "bot-net" network that's controlled by the virus writer.

Valuable real estate
All those computers were instructed to send out spam on Monday that was laced with Sober-Y -- millions of messages that gave the virus a great head start at gaining traction. Essentially, the virus is using friendly computers to launch attacks and gather up new territory.

"The footprint for the bot-net is already quite large, so the virus has its own momentum," Huger said.

Symantec has received almost 2,000 submissions of the program from customers who were attacked by the worm, he said.

The virus writer uses the ever-expanding network to make money, Huger said. The bot-net is rented out to other spammers, who send their own versions of e-mail marketing pitches. And the virus author, according to Huger, steals personal information from infected computers and sells it to the highest bidder. "It's real estate to (virus writers), and it's really valuable real estate."

Another clever aspect of Sober-Y -- it includes both English and German versions, and selects the appropriate language based on an educated guess for each computer it attacks. Computers with e-mail addresses that end in .de get the German version, for example.

The virus is also spreading because its e-mail message is just enticing enough to trick recipients, said Huger. In addition to the Paris Hilton and FBI versions, other e-mails purport to come from German authorities who've caught a recipient downloading illegal music; or the CIA, accusing the recipient of visiting illegal Web sites. There's even a version that looks like it's an automatic message indicating an attempted e-mail has failed, known as a "bounce."

One piece of good news: To become infected, recipients must click on the attachment, which is zipped, then unpack the zipped file, and then agree to run the executable file that appears. That provides several chances for a consumer to realize something is suspicious.

Spam-virus technique
About two years ago, virus writers began combining techniques used in computer worms and spam. Often, as in this case, a virus writer will begin an attack with an initial "seeding" of virus-laced spam, boosting the program's chances of catching fire. But often, such spam-seeded worms appear worse than they really are during those first few hours -- and after the initial spam dies down, a lack of new infections keeps the worm from turning into a widespread outbreak.

McAfee's Craig Schmugar said he thinks that might be the case with Sober-Y. His firm has only received 150 submissions, so he thinks it may have had a bark that's worse than its bite.

"We are past the worst of it," he said.

Hypponen didn't agree, saying at 6 p.m. ET that submissions to F-Secure continued to rise through the night.

"Over last five hours, the trend has been up," he said.

Still, the impending Thanksgiving holiday in the United States probably would help ease the spread of the worm, he said -- since many U.S. workers have already left the office for a long weekend and won't be clicking on their e-mail.
 

Fast Viper Dan

Enthusiast
Joined
Aug 7, 2001
Posts
457
Reaction score
0
Location
Saratoga, CA, USA
John, I received all of these today??? deleted them without opening.
Do you get ads from pharmaceutical online? I can't seem to stop them. I block them and they use a new name?
I'd rather be driving my GTS. (now this thread is legit)
Dan
 
big-n-italian

Enthusiast
Joined
Jul 17, 2004
Posts
8,547
Reaction score
0
Location
Central Illinois
<< John, I received all of these today??? >>

you and many others are now getting this one. many members of this forum have gotten them already, or are starting to get them now. i know Chuck got one too. luckily the information about this virus started coming out as the emails started to hit mailboxes. hopefully this thread will be read before the emails are opened and the damage is done.

<< deleted them without opening. >>

that is the best thing to do.

<< Do you get ads from pharmaceutical online? I can't seem to stop them. I block them and they use a new name? >>

i used to block them, but it never worked for me either. i was told once that when you "block them", that is confirmation for the sender that the email made it to the recipient. you are best to ignore them, and simply delete them. i have also gone with an internet provider that filters out most of the BS.

<< I'd rather be driving my GTS. >>

DEFINITELY!!

<< (now this thread is legit) >>

ABSOLUTELY.

*** THIS IS THE MOST IMPORTANT PARAGRAPH ***:

<< One piece of good news: To become infected, recipients must click on the attachment, which is zipped, then unpack the zipped file, and then agree to run the executable file that appears. That provides several chances for a consumer to realize something is suspicious. >>

Luckily it takes a decent amount of work to get this virus, and many people simply do not know about zipped files and how to unpack them.
 

Gerald

Enthusiast
Joined
Oct 2, 2000
Posts
5,401
Reaction score
0
Location
Near Tampa Bay
I was wondering why I got 70 emails this morning. EVERYONE one of the b.s... So many viruses. SO much profit for anti virus software. I swear I think the anti virus companies make these exact viruses so they have job security. who knows.....

G
 
