Watch out for the new virus that's been spreading. I've already received several infected messages.
[email protected] is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 thru 3198. This can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor has the ability to download and execute arbitrary files.
The worm will perform a DoS starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.
This virus is spread via email, and the messages may have the following characteristics:
From: may be a spoofed from address
Subject:
(one of the following)
test
hi
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error
Message:
(one of the following)
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Attachment:
(one of the following)
document
readme
doc
text
file
data
test
message
body
--------------------------------------------------------------------------------
Notes:
The attachment may have two suffixes. If so, the first suffix will be one of the following:
.htm
.txt
.doc
The worm will always end with one of the following suffixes:
.pif
.scr
.exe
.cmd
.bat
.zip
Be extra careful opening messages from people you don't know, or messages that contain any of the subjects listed above, even if it's from people you do know!
Finally, make sure that your anti-virus signatures are up to date!
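Added example (not part of the original post): a mail-filter check in Python that flags messages whose attachment name follows the pattern listed above, meaning one of the listed base names, an optional .htm/.txt/.doc first suffix, and one of the listed final suffixes. The function names, the `build_sample` helper and the sample messages are constructed for illustration. A subject match alone is only reported, not acted on, because subjects like "hi" and "test" are common in legitimate mail.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Indicators copied from the lists in the post above.
SUBJECTS = {"test", "hi", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status", "error"}
BASE_NAMES = ("document", "readme", "doc", "text", "file",
              "data", "test", "message", "body")
# base name + optional first suffix + mandatory final suffix
ATTACHMENT_RE = re.compile(
    r"^(?:%s)(?:\.(?:htm|txt|doc))?\.(?:pif|scr|exe|cmd|bat|zip)$"
    % "|".join(BASE_NAMES), re.IGNORECASE)


def attachment_matches(filename):
    """True if the file name fits the naming pattern from the post."""
    if not filename:
        return False
    return ATTACHMENT_RE.match(filename.strip()) is not None


def score_message(raw):
    """Parse a raw RFC 822 message and report which indicators it hits."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    hits = [part.get_filename() for part in msg.walk()
            if attachment_matches(part.get_filename())]
    # Quarantine on the attachment pattern only; the subject is a weak signal.
    return {"subject_match": subject in SUBJECTS,
            "attachments": hits,
            "quarantine": bool(hits)}


def build_sample(subject, filename):
    """Constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["Subject"] = subject
    m.set_content("Mail transaction failed. Partial message is available.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    print(score_message(build_sample("Mail Transaction Failed", "message.htm.pif")))
    print(score_message(build_sample("hi", "notes.txt")))
```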