Virus Bulletins

• VIRUS BULLETIN #22 - ProLin, AKA Creative, Shockwave - (02 December 2000)
"W32.Prolin.Worm uses Microsoft Outlook to email a copy of itself to everyone in the Outlook address book." (Symantec) Attachment purports to be "A great Shockwave Flash Movie."
F-Secure | Norton/Symantec | McAfee


• VIRUS BULLETIN #24 - HaHaHa SNOWHITE & THE SEVEN DWARFS, AKA W32.Hybris.gen@M - (04 January 2001)
This worm spreads itself as an attachment to email messages retransmitted to the infected user's address book. Notice the misspelling of "Snowhite."
F-Secure | McAfee | Norton/Symantec
• VIRUS BULLETIN #25 - MELISSA, AKA Mid/Melissa, ANNIV.DOC, W2001MAC/Melissa.W, Macro.W97.Melissa.W - (20 January 2001)
Caution for Mac users: this virus can infect Macs. This worm originated with Newsgroup postings.
F-Secure | McAfee | Norton/Symantec
• VIRUS BULLETIN #26 - AOL PASSWORD-STEALING TROJAN - (02 February 2001)
Antiviral software companies have tracked an increasing number of AOL password-stealing trojans. If you are an AOL subscriber, you should protect yourself immediately.
F-Secure | McAfee | Norton/Symantec
• VIRUS BULLETIN #27 - ANNA KOURNIKOVA, AKA Here You Have, ;o), Here You Are, ;o), Onthefly - (12 February 2001)
Read about this worm in this ZDNet article. This worm will send itself out to your address book. Also, see Virus Bulletin #28 below for the Microsoft Outlook Security Patch.
F-Secure | Norton/Symantec or this page or this page | McAfee
• VIRUS BULLETIN #29 - HaHaHa SNOWHITE & THE SEVEN DWARFS, AKA W32/Hybris.gen@M - (13 February 2001, 13 March 2002)
Reappearance of this worm. "Snow White is turning 18..." You get the idea... Check Virus Bulletin #24.
Please read again our Words of Caution.
• VIRUS BULLETIN #30 - NAKED WIFE
AKA Naked Vandal, W32.HLLW.JibJab@MM, TROJ_NakedWife - (07 March 2001)
 
This Reuters release in the Washington Post provides information on this combination worm and virus. "A new e-mail virus that promises an eyeful to Internet users but instead cripples Microsoft Windows swept through companies worldwide today, as anti-virus experts traced it to a computer owned by the Brazilian division of a French insurance company."
One of my favorite sites, VMyths.com, has an interesting write-up about this worm/virus: "The NakedWife worm/virus is a real-but-overblown threat. Vmyths.com now classifies it as a media flop." Read the story here.

• VIRUS BULLETIN #31 - W32/MAGISTR
AKA Judge, Other Random Names in Subject Line - (14 March 2001)
 
This virus may erase files and has an e-mail worm capability (will send itself to all in your address book). The subject and attachment names are randomly selected. Not an easy one to detect. RESIST clicking on attachments until you have first checked with the sender if this is a legitimate file.

• VIRUS BULLETIN #32 - INJUSTICE
AKA VBS/Staple - (20 March 2001 - Updated 21 Mar 01)
 
A politically driven (Middle East conflict) worm which propagates itself to addresses in your address book via Outlook Express. You'll see why when you click on one of the links below. The danger of this e-mail lies in the fact that it appears to be performing a security measure: it asks you to confirm that you sent this! However, the tip-off might be that it is addressed to "Dear" and probably your full name (or as abbreviated in the sender's e-mail address book - but not necessarily)! A friend wouldn't address you in this way.

• VIRUS BULLETIN #33 - ANGEL
AKA Angelina Julie, VBS/Anjulie@MM - (23 March 01)
 
This worm was discovered on 23 March 2001 by McAfee: "This is a mass mailing VBScript worm. It arrives as a .VBS email attachment. Executing this attachment infects your system which is then used to email the virus to regular email correspondents." (McAfee) McAfee is the only company reporting this so far. This bulletin will be updated as other companies report on the worm.

McAfee


• VIRUS BULLETIN #34 - TWAIN, TWUNK
AKA VBS.Gnutella (alias: VBS.Gnu), W95.MTX (alias: W.32/Apology) - (31 March 01)
 
Twain and Twunk are neither viruses nor worms. We use these names for the bulletin only because they are the most recognizable words in the text of a very misleading e-mail virus warning circulating at this time. That warning should be classified as a hoax: if you follow its advice, you could be deleting legitimate Windows program files.
 
We have posted it as a Virus Bulletin, because part of the hoax includes a component (Twain) of a name (Shania Twain.mp3.vbs) of one of several potentially infected files. This incorrect e-mail combines some keywords from two worm warnings - one instance being an infection (Shania Twain), the others being legitimate files (twain*.mtx and twunk*.mtx).
 
The e-mail says, "Norton did not pick it up as a virus." FALSE: Norton has had fixes for the two following worms since May and August 2000, as have other companies. Two worms show up in response to a search of "twain" and "twunk" in the Norton virus database.
  • VBS.Gnutella - "Shania Twain.mp3.vbs" is only ONE of the infected files. If you are infected, the removal method to disinfect your drive is complex. If you use Gnutella file sharing software on the Internet, you might find this C/Net News.com June 5, 2000 article interesting.
  • W95.MTX - Norton's CAUTIONS section says: "The mere presence of files that begin with the letters "mtx" or have the .mtx extension is not an indication of infection. For example, the files mtxdm.dll, mtxoci.dll, twain*.mtx, and twunk*.mtx are all legitimate Windows program files."
If you receive this e-mail, please:
  • do NOT forward it
  • do NOT take any action based on its recommendations
  • check one of the antiviral software company sites listed below
  • run your detection software
  • you may provide the sender of the misleading e-mail with this bulletin's internet address: http://www.sdsltd.com/virus_bulletins.htm#V34
REMEMBER: The ONLY correct way to remove infected files (at any time) from your hard drive is to follow the procedures recommended by your antiviral software company for the specific problem at hand. Some procedures are more complicated than others. Do not forget to update your antivirus software online often - each week, or more often, is better than once a month!

• VIRUS BULLETIN #36 - BADTRANS, BACKDOOR
AKA W32/Badtrans@MM, Backdoor.NK.svr - (23 April 01)
 
Read this article at ZDNet (Online Magazine) - Title: "Badtrans worm carries a password-stealing Trojan, By Robert Vamosi - Opening this mass-mailing worm's attachment could leave you stranded in an e-mail traffic jam."
 
CAUTION - CAUTION - CAUTION - CAUTION - The danger of this worm is that, "Badtrans arrives as an e-mail, usually carrying a subject line in response to an e-mail you have previously sent." (ZDNet)
  • F-Secure (Data Fellows) - "BadTrans is a worm spreading with e-mail messages from Win32 systems. The worm sends email messages with infected attached files, as well as installs a spying trojan component to steal information from infected systems. The worm was discovered in-the-wild on April 12 2001."
  • McAfee - See right side box "More Information" for remedy
  • Norton/Symantec - Site unavailable at publishing time. This is the research page. Enter "Badtrans" in the search block to find information on this worm.
  • See Virus Bulletin #49 for resurgence of this worm (27 Nov 01)

• VIRUS BULLETIN #37 - CHERNOBYL
AKA CIH - (26 April 01)
 
Read this article at CNet (Online Magazine) - Title: "Chernobyl Virus Set to Wake Up." But don't panic yet. Don't miss the Computer Virus Myths & Hoaxes reasoned article on this virus. As VMyths says, warnings may be more hype than reality, but then who knows? Here's what some antiviral software companies have to say:
  • F-Secure (Data Fellows) - "The CIH virus family is no longer very widespread. The most common variant of the virus activates every April 26th."
  • McAfee - See right side box "More Information" for remedy
  • Norton/Symantec
REMEMBER
Your antivirus software is only as effective as the last date YOU updated it. Latest updates should be dated the current month. Just because you bought your antivirus software recently does not mean it contains the latest virus definitions. That software is only as current as the date it was recorded prior to being processed for packaging (that could be several months ago). It is your responsibility to update it often (daily, prior to retrieving e-mail, is the best method) - or as recommended by the manufacturer - by going to the manufacturer's site or using LiveUpdate.

 

Text from organizations as indicated - Page ©2003 Sherman Dynamics & Security Ltd.