Virus alerts for Dec 2005
By the time you receive the e-mail 'virus alert' it can be too late!
We stock the most efficient antivirus program, which checks for updates hourly.

Contact Us for a one month free antivirus trial.
Add "Virus Trial" to the Comments area.
Free trial antivirus

Virus Alerts Dec 2005

December 30 2005 Trojan.Spamlia

This nasty piece of work uses your personal lists of friends and/or business associates to send spam. When Trojan.Spamlia is executed, it performs the following actions:

1. Obtains all email addresses from the Windows Address Book and saves them to %Temp%\~BG.

Note: %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).

2. May also obtain SMTP Display Name, SMTP Email Address, and SMTP Server information from the following registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\[RANDOM]

3. Sends spam email to all email addresses gathered from the Windows Address Book. Some of the emails contain the following characteristics:

Subject:
babbo natale indagato
Message:
evviva la stupidità!!
[DOMAIN]/video9.html
Della serie.... infierisci anche tu !!
buone feste! Buon anno!!!
[SMTP DISPLAY NAME]

Subject:
incoscienza natalizia
Message:
non fraintendere !!
[DOMAIN]/video8.html
Buone feste
[SMTP DISPLAY NAME]

Subject:
scherzo Natalizio
Message:
a natale si è tutti più imbranati
[DOMAIN]/video7.html
hehehe ciao tanti auguri
[SMTP DISPLAY NAME]

Subject:
video simpatico natalizio
Message:
scherzetto simpatico...eheheh
[DOMAIN]/video6.html
a presto, vi auguro buone feste
[SMTP DISPLAY NAME]

Note:

* [SMTP DISPLAY NAME] is the SMTP Display Name gathered from the registry entry listed above.
* [DOMAIN] is one of the following:

4. Deletes itself and %Temp%\~BG.
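
A mail-side check for the message characteristics listed in step 3, as an added example that is not part of the original alert: it flags messages whose subject is one of the four listed subjects or whose body links to a video6.html through video9.html page. The function name, the sample messages and the example.invalid host are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Indicators taken from the alert above: the four subject lines and the
# /video6.html .. /video9.html link path. Everything else is constructed.
SPAMLIA_SUBJECTS = {
    "babbo natale indagato",
    "incoscienza natalizia",
    "scherzo natalizio",
    "video simpatico natalizio",
}
SPAMLIA_LINK = re.compile(r"https?://[^\s/]+/\S*video[6-9]\.html", re.IGNORECASE)


def spamlia_indicators(raw_message: str) -> list[str]:
    """Return which of the alert's indicators ("subject", "link") a message matches."""
    msg = message_from_string(raw_message, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-word subjects before we compare.
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    hits = []
    if subject in SPAMLIA_SUBJECTS:
        hits.append("subject")
    if SPAMLIA_LINK.search(body):
        hits.append("link")
    return hits


# Constructed sample messages (example.invalid is a placeholder host).
SAMPLE_SPAM = (
    "From: friend@example.invalid\n"
    "Subject: =?utf-8?q?scherzo_Natalizio?=\n"
    "\n"
    "hehehe ciao tanti auguri\n"
    "http://www.example.invalid/x/video7.html\n"
)
SAMPLE_CLEAN = (
    "From: colleague@example.invalid\n"
    "Subject: Meeting notes\n"
    "\n"
    "Agenda: http://intranet.example.invalid/video/notes.html\n"
)

if __name__ == "__main__":
    for name, raw in (("spam", SAMPLE_SPAM), ("clean", SAMPLE_CLEAN)):
        print(name, spamlia_indicators(raw))
```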

Top 10 Most Prevalent Global Malware
(from December 23 to December 30, 2005)

1. WORM_SOBER.G
2. SPYW_DASHBAR.300
3. JAVA_BYTEVER.A
4. SPYW_GATOR.F
5. HTML_NETSKY.P
6. WORM_NETSKY.P
7. WORM_MOFEI.B
8. ADW_LOP.A_
9. TSPY_SMALL.SN
10. TROJ_BAGLE.

December 22 2005 W32.Spybot.ACDM

W32.Spybot.ACDM is a worm that has distributed denial of service and back door capabilities. The worm spreads by exploiting vulnerabilities and by sending a message containing a link to a copy of the worm to Messenger & AOL Instant Messenger contacts.

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

12website.com encourages all users and administrators to adhere to the following basic security "best practices":

  • Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
  • If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
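
The attachment rule from the email-server bullet above, sketched as an added example (not code from 12website.com or any mail product): it walks every MIME part and blocks on the extension Windows would actually act on, so a double extension or a trailing dot does not slip past. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy
from pathlib import PureWindowsPath

# Extensions named in the bullet above.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def effective_extension(filename: str) -> str:
    """Extension Windows acts on: the last one, ignoring trailing dots/spaces."""
    name = PureWindowsPath(filename).name.rstrip(". ").lower()
    return PureWindowsPath(name).suffix


def blocked_attachments(raw_message: str) -> list[str]:
    """Return the filenames in a message that the policy should block."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    # walk() visits nested multiparts too; get_filename() checks both the
    # Content-Disposition filename and the Content-Type name parameter.
    for part in msg.walk():
        filename = part.get_filename()
        if filename and effective_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


# Constructed sample: a double extension, a trailing dot, and a harmless file.
SAMPLE = (
    "From: sender@example.invalid\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    'Content-Type: application/octet-stream; name="card.jpg.scr"\n'
    "\n"
    "AAAA\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="setup.EXE."\n'
    "\n"
    "AAAA\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    'Content-Disposition: attachment; filename="notes.txt"\n'
    "\n"
    "hello\n"
    "--b1--\n"
)
```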

Top 10 Most Prevalent Global Malware
(from December 16 to December 22, 2005)

1. WORM_SOBER.G
2. SPYW_DASHBAR.300
3. JAVA_BYTEVER.A
4. SPYW_GATOR.F
5. HTML_NETSKY.P
6. WORM_NETSKY.P
7. WORM_MOFEI.B
8. ADW_LOP.A_
9. TSPY_SMALL.SN
10. TROJ_BAGLE.A

December 16 2005 Phishing scams

The second annual Online Safety Study, published by AOL and the National Cyber Security Alliance, found some alarming numbers regarding home computer security. Phishing scams raid home PCs regularly, and many who receive the phishing emails thought they were from legitimate companies.

More than two-thirds of consumers who've received the scam emails said they thought the emails were legitimate. This puts those home computer users at a very high risk of losing sensitive, personal information to identity thieves or criminals.

The study sent experts to homes to examine personal computers for known security risks and threats. The numbers weren't good. One in five respondents said they had a friend or family member who had already been hit by identity fraud scams. Only 42% said they even knew of the term "phishing" and only 57% of those folks could explain it. Yet one in four Americans are affected by phishing scams.

The scam works like this: people receive emails that often look quite legitimate, usually appearing to come from a financial institution. Bank of America is a popular one, although any bank is possible. Companies like eBay and its subsidiary PayPal also get a lot of traction. The emails say they need to "update" your information or some other nonsense, and they provide a link. That link gives the scammers all the info they need to play with your finances.

"Phishers are getting better at tricking consumers into revealing their bank account and financial information, and most Americans can't tell the difference between real e-mails and the growing flood of scams that lead to fraud and identity theft." said Tatiana Platt, Senior Vice President and Chief Trust Officer for AOL.

"Consumers need to be aware of the risk, and they need to use critical protections like anti-virus software, spyware protection, and a firewall to help protect them from online threats."

Top 10 Most Prevalent Global Malware
(from December 9 to December 15, 2005)

1. WORM_SOBER.G
2. SPYW_DASHBAR.300
3. JAVA_BYTEVER.A
4. SPYW_GATOR.F
5. HTML_NETSKY.P
6. WORM_NETSKY.P
7. WORM_MOFEI.B
8. ADW_LOP.A_
9. TSPY_SMALL.SN
10. TROJ_BAGLE.A

December 09 2005 Happy New Year - WORM_SOBER.AG

There have been reports that the new year will start with a bang possibly on the 5th of January or 6th of January, when a new SOBER variant is suspected to be released by the same group that caused the recent WORM_SOBER.AG outbreak in November.

The reports may have been based on the analysis that WORM_SOBER.AG will download an executable file (Sober.exe), possibly on either January 5, 2006 or January 6, 2006, from certain URLs that are hard-coded and encrypted within the SOBER.AG worm. These "predefined" URLs are not the exact sites that may be used: an algorithm based on the date generates the exact URLs that will be used on the target date itself.

Top 10 Most Prevalent Global Malware
(from December 2 to December 8, 2005)

1. WORM_SOBER.G
2. SPYW_DASHBAR.300
3. JAVA_BYTEVER.A
4. SPYW_GATOR.F
5. HTML_NETSKY.P
6. WORM_NETSKY.P
7. WORM_MOFEI.B
8. ADW_LOP.A_
9. TSPY_SMALL.SN
10. TROJ_BAGLE.AH

December 02 2005 Phishing Scam Targets Yahoo! Photos

In the past week, much attention has been given to the Yahoo phishing scam that is advertised through instant messenger (IM) via Yahoo Messenger. The aim of the phisher is to entice a user to click on the given link and provide personal details by logging in through the spoofed Web site that it opens.

The IM arrives with the following text:

http://www.geocities.com/oxox0o_angel_oxox0o/ ^:)^ guess where this pic was taken and guess who is behind me in the picture

or

http://www.geocities.com/oxox0o_cary_oxox0o/ ^:)^ guess where this pic was taken and guess who is behind me in the picture

The spoofed Web site bears a close resemblance to the legitimate Yahoo! Photos online login page, and the phishers made no attempt to disguise the phishing URL in the address bar. The page is hosted by Geocities, so it is possible for users to determine that the Web site is not legitimate. The phishing Web site asks the user for a user name and password.

Upon clicking on the Sign In button, the gathered information is sent to the email address oxox0o_angel_oxox0o@yahoo.com, which can be found in the page source of the phishing Web site, http://www.geocities.com/oxox0o_angel_oxox0o/.

Top 10 Most Prevalent Global Malware
(from November 25 to December 1, 2005)

1. JAVA_BYTEVER.A
2. WORM_SOBER.AG
3. SPYW_DASHBAR.300
4. SPYW_GATOR.F
5. TROJ_BAGLE.AH
6. HTML_NETSKY.P
7. JAVA_BYTEVER.S
8. TSPY_SMALL.SN
9. WORM_NETSKY.P
10. TROJ_ISTBAR.FN