Virus Bulletins
Latest update: 22 Aug 03 at
 
Not sure about a threat? We'll be glad to check it out for you. Forward it to security@sdsltd.com with a word of explanation on how you received it. E-mails forwarded without explanation will be treated as a virus and deleted.

VIRUS BULLETIN #60 - W32Sobig
aka Sobig.C
(13 Jan 03, 05 Jun 03, 22 Aug 03)

Update 22 Aug 03 - SoBig VIRUS/WORM - Second wave of SoBig predicted to start on August 22nd. Just resist the temptation to open up attachments from anyone. If you know the sender, protect yourself by doing a "reply to" and asking if the sender meant to send the attachment. If you don't know the sender, just trash the e-mail! If you want to find out more about this nasty virus/worm, you may visit these three antivirus software companies:

Update 06 Jun 03 - Visit the three antivirus sites below. Worm poses as e-mail from Bill Gates. Read the article in InformationWeek.com.

  • Norton/Symantec
  • F-Secure - Quote from this F-Secure link: "F-Secure has also developed a free tool, which will clean Sobig.C-infected machines. The link to the removal tool can be found on the right-hand box." (F-Secure)
  • McAfee

VIRUS BULLETIN #59 - W32Lirva
aka Naith, W32.Korvar, W32.HLLM.Seoul, Avril Lavigne
(09 Jan 03)

Read about this latest malicious worm in the ZDNet article "Lirva Worm Attaches to Avril Lavigne." "Lirva also has functionality to disable several antivirus and security applications if it notices their presence." (F-Secure) Information at these antivirus software sites:

You will need to do the following to protect yourself against this worm:

1. Visit the links to the Microsoft patches listed on the above sites to make sure you have the latest patches for Internet Explorer and Outlook Express or Outlook.

2. Update your antivirus software online now to get the latest virus definitions, and restart your computer before retrieving e-mail. It is a good idea to set your antivirus software to update online every day before you get your mail.

3. Refrain from opening attachments, as tempting and enticing as they might seem. Not expecting an attachment from someone? Don't open it until you have checked with the sender.
Don't forget to visit Words of Caution


VIRUS BULLETIN #58 - Winevar
aka W32.HLLW.Winevar, W32.Korvar, W32.HLLM.Seoul
(29 Nov 02)

"New E-mail Worm Causing Severe Damage - Winevar could delete all the files on a computer's hard drive, while also mocking the user." is the headline of this PCWorld.com article. "Once infected machines are rebooted, the worm displays a dialogue titled 'Make a fool of oneself' with the message 'What a foolish thing you have done!' Clicking on an OK button on the dialogue deletes all files on the computer's hard drive that are not currently opened, according to the security advisories." (PCWorld.Com)

  • Norton/Symantec bulletin and Norton Symantec Removal Tool - "W32.HLLW.Winevar is a mass-mailing worm that disables some antivirus and firewall programs and drops and executes the W32.FunLove.4099 virus.[...] Symantec Security Response encourages you to block email attachments that have .pif or .ceo extensions." (Norton/Symantec)
  • F-Secure
  • McAfee - Removal instruction towards the bottom of the page
  • Patches for Windows users of Microsoft Internet Explorer are available here.

VIRUS BULLETIN #57 - Electronic Greeting Card/Porn Worm
aka Ortyc.Trojan, friendgreeting.com, Permissioned Media
(26 Oct 02, Updated 12 Dec 02)

This is not a virus or a worm... So what is it doing here? "It's part spam, part pop-up porn ad software, part computer virus, part e-greeting card - but a complete nuisance." The e-mail offers to install Cytron software on your computer. "But users who click on the link and agree to install Cytron find their computer is hijacked and used to send out similar greeting card e-mails to everyone in the recipient's Outlook address book. Later, they are treated to a small deluge of pop-up ads for porn sites." (MSNBC, October 25, 2002) See the full article here. It is easy to read and understand. A must in today's e-mail jungle!

  • Norton/Symantec - View the extensive list of offending greeting card sites.
  • Norton/Symantec - "Ortyc.Trojan is a Trojan horse that displays pop-ups of some pornographic Web sites when you use Internet Explorer to browse any Web site that contains any of the key words that are in the list carried by the Trojan." (Norton)
  • F-Secure - Interesting information on origin of the software package
  • McAfee
  • Trend Micro

REMEMBER
Your antivirus software is only as effective as the last date YOU updated it. The latest updates should be dated the current month. Just because you bought your antivirus software recently does not mean it contains the latest virus definitions. That software is only as current as the date it was recorded prior to being processed for packaging (that could be several months ago). It is your responsibility to update it often (daily, prior to retrieving e-mail, is the best method) - or as recommended by the manufacturer - by going to the manufacturer's site or using LiveUpdate.

 

Text from organizations as indicated - Page ©2003 Sherman Dynamics & Security Ltd.