Loading ...
Sorry, an error occurred while loading the content.
 

Virus alert!

Expand Messages
  • trh trh
    Please do not open any messages that has the title: Here you have or Here you have, ;o and an attachment containing AnnaKournikova.jpg.vbs or
    Message 1 of 2 , Feb 12, 2001
      Please do not open any messages that has the title:

      "Here you have" or

      "Here you have, ;o"

      and an attachment containing

      "AnnaKournikova.jpg.vbs"

      or "ANNAKO~1.VBS"

      It is a new type of virus!

      Ahmet Toprak
      http://www.kkup.com/toprak.html

      Monday February 12 8:14 PM ET
      Anna Kournikova Photo Is Computer Virus in Disguise

      By Lisa Baertlein

      PALO ALTO, Calif. (Reuters) - Hackers are using a promised photograph of
      sexy Russian tennis star Anna Kournikova (news - web sites) to serve up a
      fast-spreading computer virus.

      The virus struck computers in Europe and the United States overnight. It
      uses a so-called worm to spread in the same manner as last year's ``Love
      Bug'' or ``Love Letter'' virus, which infected an estimated 15 million
      computers and sent servers crashing around the world after unsuspecting
      people opened an e-mail with ''I Love You'' on its subject line.

      ``It's an old virus concept but you put a pretty face and a nice pair of
      legs on it and people open it,'' Steve Gottwals, director of product
      marketing for F-Secure Corp, said.

      Moscow-born Kournikova, 19, is the world's ninth-ranked female tennis
      player and has never won a WTA title.

      Her off-the-court profile, however, has captured the imaginations of many,
      stroked by a provocative photo spread in the June 5 issue of Sports
      Illustrated and her rocky romantic links to hockey player Sergei Fedorov,
      of the Detroit Red Wings.

      LOVE BUG REDUX?

      The Kournikova virus -- which also is being referred to as ''VBS'',
      ``SST'' or ``On The Fly'' -- was first discovered in August and has been
      found in more than 50 large corporations, including Fortune 500s, Network
      Associates Inc. (NasdaqNM:NETA - news) said in a statement.

      ``This is the biggest thing since the Love Letter,'' David Perry, global
      director of education for Trend Micro Inc. (NasdaqNM:TMIC - news), said.

      Perry said users of his company's antivirus software have reported 50 to
      100 Kournikova hits per hour, but he and other security experts do not yet
      know how many computers have been affected.

      The subject line on the Kournikova virus e-mail reads: ``Here you have,
      ;o)''. The body of the e-mail says ``Hi: Check this!''

      When users of Microsoft Corp.'s (NasdaqNM:MSFT - news) Outlook e-mail
      software open the attachment, which is disguised as a photo file, the
      virus infects their computers and sends itself to every name in the users'
      address book.

      ``It's not dangerous in a sense that it's data destructive,'' said Vincent
      Weafer, director of the Symantec Antivirus Research Center. The Kournikova
      virus and others like it are damaging because they have the potential to
      clog e-mail systems and to cause servers to crash.

      ``They spread and burn very quickly, but die very quickly,'' Weafer said.

      One San Francisco analyst, who got a half-dozen of the Kournikova e-mails
      before his firm's server went down, wanted to know if people opened the
      e-mail attachment without a promise of a nude photo.

      When he learned that was the case, he laughed and said, ''Idiots.''

      DUTCH CONNECTION?

      Antivirus experts said it appeared the virus had been built from a
      programming tool kit created by a hacker known as ''Kalimar''.

      If the virus is not completely flushed from a computer, it will
      automatically connect to the Web site of a Dutch company called Dynabyte
      on Jan. 26 each year, they said.

      Virus watchers at Trend Micro believe that Kournikova was written by a
      hacker in Holland who used the handle ``On The Fly''.

      Others disagreed about the geographic origins of the virus, saying that
      the link to the Dutch company was likely a way to throw law enforcement
      off the hacker's scent.
    • Turkish Radio Hour
      There indications--we received a few returned mails from two e-mail systems claiming that we have sent them virii--that are e-mail addresses are being used to
      Message 2 of 2 , Jan 28 2:11 PM
        There indications--we received a few returned mails from two e-mail
        systems claiming that we have sent them virii--that are e-mail addresses
        are being used to send a new type of virus.

        TRH never sends viruses intentionally NOR OUR COMPUTERS CAN GET INFECTED
        AND SEND VIRUSES UNINTENTIONALLY: We are on a Unix computer that does not
        get infected by PC viruses, and, therefore cannot pass them on to the
        members of our lists. BUT a third party's computer can get infected and
        use our e-mail addresses and send a virus to you.

        Please take extra precaution in opening your e-mails, especially their
        attachments.

        Please read the following for more.


        Ahmet Toprak

        --------------------------------------------------------------------------------------


        As of January 26, 2004 1:47 PM (US Pacific Time), TrendMicro has declared
        a yellow alert to control the spread of WORM_MYDOOM.A (previously known as
        WORM_MIMAIL.R).

        This mass-mailing worm selects from a list of email subjects, message
        bodies, and attachment file names for its email messages. It spoofs the
        sender name of its messages so that they appear to have been sent by
        different users instead of the actual users on infected machines. (So, If
        you are NOT expecting any messages from anyone, please DO NOT OPEN any
        attachments to the emails that you receive.)

        It can also propagate through the Kazaa peer-to-peer file-sharing network.

        This worm runs on Windows 95, 98, ME, NT, 2000, and XP.





        It sends email with the following details:

        From: <Spoofed email address>
        Subject: (any of the following)
        <blank>
        <random characters>
        Error
        Status
        Server Report
        Mail Transaction Failed
        Mail Delivery System
        hello
        hi

        Message Body: (any of the following)
        <blank>
        <garbage data>
        The message contains Unicode characters and has been sent as a binary
        attachment.
        The message cannot be represented in 7-bit ASCII encoding and has been
        sent as a binary attachment.
        Mail transaction failed. Partial message is available.
        test

        Attachment: (any of the following file names)
        body
        message
        test
        data
        file
        text
        doc
        readme
        document

        (plus any of the following extensions)
        ZIP
        BAT
        EXE
        PIF
        SCR
        CMD

        The attachment may or may not arrived zipped. When zipped, it contains the
        worm executable file with the same file name and any of the described
        extensions. When unzipped, it uses either extensions, PIF or EXE.

        The spoofed sender address is taken from email addresses obtained from the
        system.





        Kazaa Propagation

        This worm also has capabilities to spread via Kazaa, a popular
        peer-to-peer file sharing application.

        It drops a copy of itself in the Kazaa shared folder with a file name
        chosen from the following list:

        nuke2004
        office_crack
        rootkitXP
        strip-girl-2.0bdcom_patchers
        activation_crack
        icq2004-final
        winamp5
        The dropped file can have any of the following extensions:

        BAT
        EXE
        PIF
        SCR
      Your message has been successfully submitted and would be delivered to recipients shortly.