Virus alerts for June 2005
Computer virus alert
By the time you receive the e-mail 'virus alert', it can be too late!
We stock the most efficient antivirus program, which checks for updates hourly.

Contact Us for a one month free antivirus trial.
Add "Virus Trial" to the Comments area.
Free trial antivirus

Virus Alerts June 2005

June 25 2005 - VBScript Worm - VBS_IPNUKER.A

VBS_IPNUKER.A is a non-destructive, non-memory-resident worm that propagates only during the months of January, June, and December. It can propagate through email messages and Internet Relay Chat (IRC). This worm is currently spreading in the wild and infecting systems that run Windows 98, ME, NT, 2000, and XP.

Upon execution, this VBScript switches the functions of the affected machine's mouse buttons and changes the icons for file types such as MPEG, MP3, JPEG, and TXT. It also deletes the application Norton Antivirus from the Program Files folder.

It uses MAPI commands to propagate itself and to gather email addresses stored in the affected system. It then sends out an email to the gathered addresses.

Upon arrival, this Visual Basic script (VBScript) drops the following files:

%Windows%\favorites\ipnuker.url
%Windows%\ipnuker.vbs
C:\mirc\ipnuker.vbs

(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

It also creates a registry entry to enable its execution at every system startup and deletes these types of files: .BAT, .TXT, and .VBS.

Contact Us for a free antivirus trial to the end of this month.
Add "Virus Trial" to the Comments area.
Free trial antivirus

VBS_IPNUKER.A is detected and cleaned by Eset NOD32 antivirus.

Top 10 Most Prevalent Global Malware
(from June 17 to June 23, 2005)

1. JAVA_BYTEVER.A
2. HTML_NETSKY.P
3. TSPY_SMALL.SN
4. SPYW_GATOR
5. WORM_NETSKY.P
6. SPYW_DASHBAR.300
7. TROJ_DYFUCA.I
8. WORM_SOBER.K
9. SPYW_WEBSEARCH.A
10. PE_PARITE.A

June 18 2005 - MSN Messenger Worm - WORM_HARWIG.B

WORM_HARWIG.B is a non-destructive, memory-resident worm that propagates via MSN Messenger. It sends all available online contacts a message containing a link that points to a copy of the worm. This worm is currently spreading in the wild and infecting systems that run Windows 95, 98, ME, 2000, and XP.

Upon execution, this worm drops a temporary copy of itself in the root folder and checks for the existence of MSN Messenger. If found, it executes the application and attempts to log on as the default user or current user. Upon successful login, it sends a message containing a link that points to a copy of the worm.

If MSN Messenger is not present on a system, the worm copies itself to the Windows folder with the file name ABCDEFG.EXE.

It adds a registry entry that allows it to automatically execute at every Windows system startup, and drops an Internet Relay Chat (IRC) BOT file named PROXY.EXE in the Windows system folder.


Top 10 Most Prevalent Global Malware
(from June 10 to June 17, 2005)

1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. JAVA_BYTEVER.A
4. WORM_SOBER.S
5. SPYW_GATOR
6. TSPY_SMALL.SN
7. SPYW_DASHBAR.300
8. ADW_2020SEARCH.A
9. ADW_2020SEARCH.C
10. ADW_SHOPNAV.B

June 11 2005 - Bobbing for BOBAX - WORM_BOBAX.P

On June 3 Antivirus Agency declared a medium risk alert in order to control the spread of WORM_BOBAX.P. Antivirus Agency has received several infection reports indicating that this malware is currently spreading in-the-wild in the United States, Singapore, Ireland, Peru, Japan, Australia, and India. This memory-resident worm infects Windows 98, ME, NT, 2000, and XP.

This is a blended threat, using a Trojan/Worm combination. The worm spreads by attaching TROJ_SMALL.AHE to an email message that it sends using its own SMTP engine. When the trojan is executed on a user’s system, it downloads WORM_BOBAX.P. Like many worms, this malware takes advantage of the LSASS vulnerability in the Windows operating system. Similar to the TROJAN/WORM_BAGLE combination, WORM_BOBAX.P propagates in the following manner:

* TROJ_SMALL.AHE is mass-mailed
* TROJ_SMALL.AHE is executed on the user’s system, and in turn downloads WORM_BOBAX.P
* WORM_BOBAX.P is executed and drops a Dynamic Link Library (DLL) file
* The DLL file mass-mails TROJ_SMALL.AHE

TROJ_SMALL.AHE, which is the seeding portion of the malware, utilizes a common social engineering technique that promises breaking news regarding current world events. This malware promises a story – and pictures – on hoaxes such as the capture of Osama bin Laden and the shooting death of Saddam Hussein, to lure the recipient into clicking on the file. Clicking on the attachment causes the trojan to run in memory and eventually download the worm component from the predefined Web site. The worm then spreads to all contacts in the recipient’s address book.


Top 10 Most Prevalent Global Malware
(from June 4 to June 10, 2005)

1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. JAVA_BYTEVER.A
4. WORM_SOBER.S
5. WORM_NETSKY.DAM
6. SPYW_GATOR
7. TSPY_SMALL.SN
8. SPYW_DASHBAR.300
9. WORM_NETSKY.D
10. TROJ_DYFUCA.I

June 04 2005 - Two MYTOBS - WORM_MYTOB.AR & WORM_MYTOB.BI

Antivirus Agency raised two MYTOB variants to yellow alert status this week – WORM_MYTOB.AR and WORM_MYTOB.BI.
These are the third and fourth variants of the ever-popular family of worms to reach the alert stage. Both worms are currently spreading in-the-wild. WORM_MYTOB.AR infects computers that run on Windows 98, ME, 2000, and XP. WORM_MYTOB.BI infects computers that run on Windows 98, ME, NT, 2000, and XP.

It has only been 90 days since antivirus experts detected the first variant of the MYTOB family of worms. Yet, since its detection on February 27, 2005, WORM_MYTOB has managed to register nearly 120 new variants and is responsible for more than 65,000 worldwide infections.

These worms are nearly identical to previous MYTOB variants, which use the classic social engineering technique of posing as an e-mail administrator to entice users to execute the attachment in the mail. The malware attempts to fool the user into thinking that the email is about the suspension of his/her email account. And, as with all other variants, these memory-resident worms propagate by sending a copy of themselves as an attachment within an email message, which they send to target recipients using their own Simple Mail Transfer Protocol (SMTP) engine.

The only difference between the “.AR” variant and the “.BI” variant is the name of the dropped file. However, there are three notable differences between “.AR” and “.BI” and their 115 MYTOB predecessors. These differences are:

* They drop a copy of themselves as LIEN VAN DE KELDER.EXE or LIEN VAN DE KELDERRR.EXE (note, the only difference between the dropped file in the “.AR” variant and the “.BI” variant is the addition of two “R’s” at the end of the file name in “.BI”) in the Windows system folder. Lien Van de Kelder is a popular Belgian actress.
* Upon execution, the worms drop spyware and adware onto the victims’ machine which contains a backdoor capability. The spyware, detected as TSPY_AGENT.H, tracks user preferences and could (potentially) track infection rates. The adware, detected as ADW_MEDTICKS.A, is a popular adware program “Media Tickets” (www.mediatickets.net). It has the ability to track what the user clicks on – and how often they do it – and can display pop-up ads. This adware also promises to pay 15 cents (USD) for every time a user clicks on the adware.
* They also open Internet Explorer (IE) to connect to different Web sites that install other spyware or adware programs currently available on host sites.

It is believed that these variants are actually intended as a testing ground for future variants that will likely take advantage of the monetary offer of the adware (the site referred to in this variant is not believed to be one of those sites – it was likely just written by a fan of Ms. Van De Kelder).


Top 10 Most Prevalent Global Malware
(from May 26 to June 04, 2005)

1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. JAVA_BYTEVER.A
4. TSPY_SMALL.SN
5. WORM_NETSKY.DAM
6. WORM_SOBER.S
7. SPYW_GATOR
8. WORM_NETSKY.D
9. TROJ_DYFUCA.I
10. SPYW_DASHBAR.300

June 03 2005 - WORM_BOBAX.P

Antivirus Agency has declared a Medium Risk Virus Alert to control the spread of WORM_BOBAX.P. We have received several infection reports indicating that this malware is spreading in Australia, India, Ireland, Japan, Peru, Singapore, and the United States.

This memory-resident worm usually arrives on a system as a downloaded file of TROJ_SMALL.AHE. It spreads by sending a copy of TROJ_SMALL.AHE as an attachment to an email message that it sends using its own Simple Mail Transfer Protocol (SMTP) engine.

The message it sends out contains the following details:

Subject: {blank}

Message body: (any of the following)

• Attached some pics that i found
• Check this out
• Hello,
• I was going through my album, and look what I found..
• Long time! Check this out!
• Osama Bin Laden Captured.
• Remember this?
• Saddam Hussein - Attempted Escape, Shot dead
• Secret!
• Testing

(followed by any of the following strings)

• +++ Attachment: No Virus found
• +++ F-Secure AntiVirus - You are protected
• +++ Norman AntiVirus - You are protected
• +++ Norton AntiVirus - You are protected
• +++ Panda AntiVirus - You are protected
• +++ www.f-secure.com
• +++ www.norman.com
• +++ www.pandasoftware.com
• +++ www.symantec.com

Attachment: (any of the following names followed by a .ZIP extension)

• bush.1
• funny.1
• joke.1
• pics.1
• secret.2

When an unsuspecting user executes the Trojan attachment, TROJ_SMALL.AHE downloads WORM_BOBAX.P, and the vicious worm-Trojan cycle continues.

It also propagates by taking advantage of the Windows LSASS vulnerability. Furthermore, it is capable of modifying the system's HOSTS file in order to prevent users from accessing certain Web sites.


12website has a maintenance program for our clients to ensure they will not be 'let down' by an inefficient computer.

Computer maintenance is necessary to keep your machine running smoothly without down time.