PC virus FYI

[Dan Murphy]

Just make sure you are VERY current on both programs and defs. Just an FYI........

http://www.msnbc.msn.com/id/11114993/

http://www.microsoft.com/technet/security/advisory/904420.mspx

http://reviews-zdnet.com.com/4520-6600_16-6426309-1.html

 

[Towncrier]

And do NOT open any suspicious emails on February 3rd. That day especially.

 

[Dan Murphy]

Apparently the 3rd of any month the way I understand it, John.

 

[CLynnJones]

Wow, I didn't know this (about the 3rd of the month). Thanks so much for the info. Very nice of you.

 

[Dan Murphy]

Just a reminder.

 

[jfulcer]

And do NOT open any suspicious emails on February 3rd. That day especially.

Any suspicious emails, ever. Never. Ever.

There are never going to be naked pictures of (insert famous celebrity here) that are emailed around....

 

[GoofyDad869]

I've been spending a little time each day this week updating everyone's virus definitions and Windows/Office Updates. All day so far today has been final updates and scans. We're pretty well automated but I manually verified that key updates were applied. Everything is clean (so far, the last scan hasn't finished up yet so don't want to jinx it) so I've got a good basepoint if something goes wrong tomorrow for us. Tonight I'm running a full backup to be sure (last full one was last Friday - our dailies are typically incrementals). My home computers were done last night.

I brought it up briefly in our weekly Monday Morning Meeting. I sent a best case / worst case email out on Monday afternoon to my guys & gals describing what BlackMal/MyWife/Nyxem/KamaSutra does in plain English. How it could affect us. What specifically they should look out for (even included Symantec's technical article). And I stressed that anybody who introduces it to any of our systems will be "mandatorial volunteered by me" to be my 'assistant' over the weekend during any cleanup / data restore festivities. I have 'read' receipts for all of our staff.

I do the network admin. stuff in my "spare time" so I really don't have time to deal with stuff like this. I have very little patience with people when they ignore explicit warnings. Especially if there's some simple precautions we can take to minimize our risks.

I don't take Worm threats lightly.

The MSNBC article is misleading, in my opinion. It mentions PDFs as being potentially destroyed, but the technical article I've read is saying it targets only Office data files (.doc, .xls, .ppt, etc.). Is PDF something new, or is it a typical case of national media making things worse than they are (or a clueless data entry person)?

 

[crazelion]

Just went to update my virsus scan now.
thanks Dan

 

[Towncrier]

From Symantec's website:

When the worm is executed on the 3rd day of every month, it may overwrite files with the following extensions in all drives from A to Z:


*.doc
*.xls
*.mdb
*.mde
*.ppt
*.pps
*.zip
*.rar
*.pdf
*.psd
*.dmp

Note: The files are overwritten with the following text:

DATA Error [47 0F 94 93 F4 F5]

As you can see, PDF files are vulnerable. The nastiest part of this particular worm is that it overwrites your files rather than deleting them. A deleted file can sometimes be recovered. An overwritten file is gone for good.

Thanks for the clarification Dan. This worm does indeed strike on the 3rd of EVERY month, not just February.

 

[Mom2Ashli]

Thanks for the reminder.

 

[BethR]

I think that Thunderbird (e-mail program for FireFox) stopped me from downloading this the other evening.

I got an e-mail from "Panda Software" entitled: "ALERT: BlackWorm- Act now to avoid infection" that said this

Threat Level: HIGH

PandaLabs has detected that all computers infected with BlackWorm will encounter widespread damage this Friday, Feburary 3. BlackWorm, also known as "Tearec.A", "Mywife.E" and "KamaSutra" will corrupt all Microsoft Word, Microsoft Excel or Microsoft PowerPoint files on infected computers.

Don't wait to check if your computer contains Blackworm.
Panda Software recommends running an online virus scan immediately.


FREE VIRUS SCAN:
Scan your computer for Blackworm.
http://www.ActiveScan.com


PROTECT YOUR FRIENDS:
Forward this email to friends and family.


INFORMATION:
BlackWorm (Tearec.A) spreads through e-mail attachments, peer-to-peer networks and network shares. It disables and ends several antivirus programs installed on the affected computer. It also attempts to delete files belonging to several antivirus programs, peer-to-peer file sharing programs (P2P) and other Internet applications, which would cause them to stop working.

Additionally, it monitors the network traffic of certain connections related with antivirus programs and email services to collect passwords. All computer containing Panda Softwares proactive TruPrevent Technologies were protected prior to BlackWorm's release.



For maximum protection against BlackWorm, Panda Software suggests installing Platinum Internet Security 2006.


***EXCLUSIVE ONLINE OFFER***
Panda Platinum Internet Security 2006
Buy One, Get one Free (Save $79.95)

http://shop.pandasoftware.com/carri...arga&unidades=2&pais=63&idioma=EN&track=25121

Well, I had read about the virus here and I had use Panda Virus Scan before so I thought I would click on the link and scan my computer. When I clicked on the link Thunderbird popped up this message:

Thunderbird thinks this site is suspicious. It may be trying to impersonate the web page that you want to visit. Are you sure that you want to visit echo3.bluehornet.com ?

I thought "What the HECK???" I then went to the REAL Panda Software page and there was no address like that. I am thinking that if I would have went to that site, it would have LOOKED like the Panda site, I would have tried to start an Active Scan and BAM - ended up with something very nasty.

I always keep our virus protection up to date (it is done automatically) but if I felt very glad that I use this e-mail program that alerted me to this possible problem.

 

[GoofyDad869]

Thanks Towncrier!

That's the bulletin I was reading. My eyes must have glazed over on the PDF extension.

 

[Dan Murphy]

Another reminder bump.



Hey, Beth, nice to see you.