Virus alerts for Feb 2005
Computer virus alert
By the time you receive the e-mail 'virus alert' it can be too late!
We stock the most efficient antivirus program, which checks for updates hourly.

Get in touch for a one month free antivirus trial.
Add "Virus Trial" to the Comments area.

Latest Virus Alert

Feb 26 2005 Larissa Loves You - WORM_ASSIRAL.A

WORM_ASSIRAL.A is a memory-resident worm that arrives as an email attachment. It propagates by sending copies of itself via email to addresses found in Microsoft Outlook, and by dropping a copy of itself in the root folder of all network and fixed drives connected to affected machines. It is currently spreading in-the-wild, and infecting computers running Windows 98, ME, NT, 2000, and XP.

Upon execution, it drops the following files in the following locations:

* %System%\MS_LARISSA.EXE
* %Windows%\SPOOLMGR.EXE
* %Windows%\LOVE_LETTER.TXT.EXE
* C:\Windows\WINVBS_32.VBS (the worm's mass-mailing component)
* C:\Windows\system32\REG_32.VBS (the worm's payload component)
* C:\LARISSA_ANTI_BROPIA.HTML (non-malicious file)
* C:\MESSAGE.TXT (non-malicious file)

The file LARISSA_ANTI_BROPIA.HTML displays text on affected machines' Internet browsers. The file MESSAGE.TXT contains the following strings:

Greetz from LARISSA.B!
I will survive, In this moment in time.
You computer will crash,
So, you will be mine.
I never crash,
I never fail.
So, in this moment in time,
I will survive...
- LARISSA AUTHOR - 5-15-05

The worm's component file, WINVBS_32.VBS, is used to propagate the email. It sends copies of itself to addresses in Microsoft Outlook, with the following details:

Subject: Re: LOV YA !
Message Body: Kindly read and reply to my LOVE LETTER in the attachments :-)
Attachment: LOVE_LETTER.TXT.exe

This worm may also propagate through the network by dropping a copy of itself in the root folder of all network and fixed drives connected to affected machines. Certain processes that are associated with antivirus and monitoring applications are terminated by the worm, as well as certain processes associated with variants of WORM_BROPIA.
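
The mail details above (a fixed subject and an attachment whose visible .TXT hides a final .exe) are what a mail gateway can key on. The following is an added example, not part of the original alert: a Python check that flags executable and double-extension attachments, generalized beyond this one worm. The extension sets, function names and example.com addresses are assumptions, and the sample message is constructed.

```python
import email
import email.policy
import os
from email.message import EmailMessage

# Extensions Windows runs directly; this page's samples use .exe, .pif, .scr and .vbs.
EXECUTABLE_EXT = {".exe", ".pif", ".scr", ".vbs", ".com", ".bat", ".cmd"}
# Harmless-looking extensions used as the visible decoy in a double extension (assumed set).
DECOY_EXT = {".txt", ".jpg", ".doc", ".pdf", ".html"}

def risky_attachments(raw_message: bytes):
    """Return [(filename, reason)] for attachments a gateway should quarantine."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        original = part.get_filename() or ""
        # Windows ignores trailing dots and spaces, so strip them before judging.
        name = original.strip().rstrip(". ").lower()
        stem, ext = os.path.splitext(name)
        if ext not in EXECUTABLE_EXT:
            continue
        inner_ext = os.path.splitext(stem)[1]
        reason = "double extension" if inner_ext in DECOY_EXT else "executable"
        findings.append((original, reason))
    return findings

def build_sample(filename: str) -> bytes:
    """Constructed test message using the subject and body quoted on this page."""
    msg = EmailMessage()
    msg["Subject"] = "Re: LOV YA !"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("Kindly read and reply to my LOVE LETTER in the attachments :-)")
    # Placeholder bytes only; no real sample is embedded.
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname in ("LOVE_LETTER.TXT.exe", "Webcam.pif", "notes.txt"):
        print(fname, risky_attachments(build_sample(fname)))
```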


Top 10 Most Prevalent Global Malware
(from February 18 to February 25, 2005)

1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. JAVA_BYTEVER.A
4. TROJ_AGENT.AAB
5. WORM_NETSKY.D
6. TROJ_SMALL.SN
7. SPYW_GATOR.D
8. JAVA_BYTEVER.B
9. SPYW_GATOR.C
10. WORM_NETSKY.Q

Feb 17 2005 WORM_MYDOOM.BB

12website.com received numerous infection reports indicating that this malware is spreading in Singapore and the U.S.
This worm was previously detected as WORM_MYDOOM.M.

Its characteristics are very similar to those of WORM_MYDOOM.M. However, this new MYDOOM worm comes compressed with the MEW compression tool, whereas WORM_MYDOOM.M is compressed using UPX.

Like earlier MYDOOM variants, this worm spreads via email through SMTP (Simple Mail Transfer Protocol), gathering target recipients from the Windows Address Book, the Temporary Internet Files folder, and certain fixed drives.
It uses social engineering techniques, sending out email messages with a spoofed sender's name and posing as a delivery failure notification. The email message it sends has varying subjects, message bodies, and attachment file names.

Apart from simply spreading via email, this worm also carries backdoor functionality that leaves the infected machine vulnerable to remote access. It drops a backdoor component named SERVICES.EXE in the Windows folder, which opens TCP port 1034 and waits for outside connections. This routine virtually hands over control of the affected machine to a remote attacker.


Feb 14 Locked Up - SYMBOS_LOCKNUT.A

SYMBOS_LOCKNUT.A is memory-resident malware that infects mobile devices running the Symbian 7.0s operating system, but does not propagate. It uses a vulnerability in Symbian OS v7.0s to cause a system process crash which locks the mobile device. It drops several files and folders in the C: directory of the phone, which disable several special buttons of the phone, leaving only the keypad buttons enabled. It also infects mobile devices running Symbian OS v6.1 and v7.0 but fails to cause the system to crash.

This malware usually arrives as an installation file with the following file names:

* Patch_v1.sis
* Patch.sis

Upon installation, this malware drops the following files and folders in the C: directory of the phone:

* system\apps\gavno\gavno.app
* system\apps\gavno\gavno.rsc
* system\apps\gavno\gavno_caption.rsc

It also drops a copy of itself as PATCH.SIS in the C: directory of the phone. These files are specially crafted to disable most of the special buttons of the phone, leaving only the keypad buttons enabled. It can also infect mobile devices running Symbian OS v6.1 and v7.0 but fails to cause the system to crash.


Top 10 Most Prevalent Global Malware
(from February 8 to February 14, 2005)

1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. WORM_SDBOT.APA
4. ADW_APROPOS.51
5. JAVA_BYTEVER.A
6. WORM_NETSKY.D
7. SPYW_GATOR.B
8. SPYW_GATOR.D
9. SPYW_GATOR.C
10. WORM_BAGLE.AZ

Feb 8 2005 MSN Messenger Worm - Funky Chicken - WORM_BROPIA.F

On February 3 a Medium Risk alert was declared for WORM_BROPIA.F, a memory-resident, non-destructive worm that propagates via MSN Messenger by sending a copy of itself, using various file names, to all online contacts. The worm also drops the file SEXY.JPG, which displays an image, and attempts to drop and execute a bot program. This worm is currently spreading in the wild. It infects computers running Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this worm drops a copy of itself in the Windows system folder as MSNUS.EXE. It also drops a copy of itself in the root folder (usually C:\) using any of the following file names:

* Bedroom-thongs.pif
* Hot.pif
* LMAO.pif
* LOL.scr
* Naked_drunk.pif
* New_webcam.pif
* ROFL.pif
* underware.pif
* Webcam.pif

It also drops and executes the file SEXY.JPG in the same folder. This .JPG file displays an image. The worm propagates via MSN Messenger by sending a copy of itself to all online contacts, using any of the file names listed above. It also attempts to propagate via Windows Messenger; however, the application automatically blocks the file transfer.

This worm attempts to drop and execute the file CZ.EXE in the root folder. If successfully dropped, the file CZ.EXE then drops and executes a copy of itself in the Windows system folder as WINHOST.EXE. However, it first checks whether any of the following malicious files already exist on the affected system:

* DNSSERV.EXE
* WINIS.EXE

If any of these files already exist, the worm will not drop the file WINHOST.EXE and will instead proceed with its propagation routine.

This worm also has an anti-debugging technique. It will not run if any of the following debugging applications are currently running on the affected system:

* NT-ice
* Softice

It is also capable of setting the affected system's volume levels to zero, which may be used to prevent users from hearing any sound prompts, especially those that may be coming from antivirus and security applications.
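
The dropped-file locations given in the WORM_ASSIRAL.A, WORM_MYDOOM.BB and WORM_BROPIA.F alerts on this page can be checked on a suspect disk. The following is an added example, not part of the original alerts: a Python sweep of a mounted volume that matches those paths case-insensitively, since Windows file names may differ in case on a mounted image. The function names, the `windows`/`system` parameters and the test tree are assumptions; C:\MESSAGE.TXT and the .pif/.scr names are left out to keep the list short.

```python
import os

# File indicators quoted on this page. %Windows% and %System% stand for the
# Windows and Windows system folders; "C:\" is the root of the swept volume.
INDICATORS = {
    "WORM_ASSIRAL.A": [r"%System%\MS_LARISSA.EXE", r"%Windows%\SPOOLMGR.EXE",
                       r"%Windows%\LOVE_LETTER.TXT.EXE", r"C:\Windows\WINVBS_32.VBS",
                       r"C:\Windows\system32\REG_32.VBS",
                       r"C:\LARISSA_ANTI_BROPIA.HTML"],
    # The genuine services.exe lives in the system folder, so only a copy
    # directly under the Windows folder is treated as an indicator.
    "WORM_MYDOOM.BB": [r"%Windows%\SERVICES.EXE"],
    "WORM_BROPIA.F": [r"%System%\MSNUS.EXE", r"%System%\WINHOST.EXE",
                      r"C:\CZ.EXE", r"C:\SEXY.JPG"],
}

def resolve_ci(base, parts):
    """Follow path components under base ignoring case; None if any is missing."""
    current = base
    for part in parts:
        try:
            entries = os.listdir(current)
        except OSError:
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def sweep(volume_root, windows="Windows", system=r"Windows\System32"):
    """Return [(family, indicator)] for every listed file present on the volume."""
    hits = []
    for family, paths in INDICATORS.items():
        for indicator in paths:
            rel = (indicator.replace("%System%", system)
                   .replace("%Windows%", windows).replace("C:\\", ""))
            found = resolve_ci(volume_root, [p for p in rel.split("\\") if p])
            if found and os.path.isfile(found):
                hits.append((family, indicator))
    return hits

def build_constructed_volume(root):
    """Create a tree of empty files for testing (constructed, no real samples)."""
    os.makedirs(os.path.join(root, "WINDOWS", "system32"))
    for rel in ("WINDOWS/system32/services.exe", "WINDOWS/Services.exe",
                "WINDOWS/system32/msnus.exe", "cz.exe"):
        open(os.path.join(root, *rel.split("/")), "wb").close()
```

On Windows 98 and ME the system folder is `Windows\System`, so pass `system=r"Windows\System"` when sweeping those volumes.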


Top 10 Most Prevalent Global Malware
(from January 28 to February 3, 2005)

1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. JAVA_BYTEVER.A
4. WORM_NETSKY.D
5. SPYW_GATOR.D
6. WORM_NETSKY.B
7. WORM_NETSKY.C
8. DOS_AGOBOT.GEN
9. SPYW_GATOR.C
10. TROJ_ISTBAR.GM


12website has a maintenance program for our clients to ensure they will not be 'let down' by an inefficient computer.

Computer maintenance is necessary to keep your machine running smoothly without down time.