swebleft.gif (1145 bytes)SPIDERWEBswebrt.gif (1147 bytes)
Australian Internet Access

 
URGENT VIRUS WARNINGS !!!

W32.bugbear@mm

This is a mass mailing worm, as well as a keystroke logger and backdoor trojan.
If your computer is affected with this virus, the security of your data could be compromised.

It also attempts to disable antivirus and firewall programs.
It arrives as an email with various subjects, and the message text may vary.
The name of the attachment is also variable.

This virus is spreading rapidly !

More info:
http://www.sarc.com/avcenter/venc/data/w32.bugbear@mm.html

 

*************************************

YEXIN.com

Whatever you do,  DO NOT  go to YEXIN.COM !!!!!!!!!!!!!!!

This site puts in a virul setting which opens hundreds of pages on your system!!!
It changes your home page, and negates some Anti Virus programs...

It is a MAJOR removal effort, and will probably require the wiping of your hard drive, including the loss of data....   Stay tuned on this one...

*************************************

KLEZ !!!

This worm infects executables by creating a hidden copy of the original host file and then overwriting the original file with itself. The hidden copy is encrypted, but contains no viral data. The name of the hidden file is the same as the original file, but with a random extension.

This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment.

The worm randomly chooses a file from the machine to send along with the worm to recipients. So files with the extensions: ".mp8" or ".txt" or ".htm" or ".html" or ".wab" or ".asp" or ".doc" or ".rtf" or ".xls" or ".jpg" or ".cpp" or ".pas" or ".mpg" or ".mpeg" or ".bak" or ".mp3" or ".pdf" would be attached to e-mail messages along with the viral attachment.
The worm attempts to disable on-access virus scanners and some previously distributed worms (such as W32.Nimda and CodeRed) by stopping any active processes. The worm removes the startup registry keys used by antivirus products.
For More Info:

http://www.sarc.com/avcenter/venc/data/w32.klez.h@mm.html

----------------------------------------

Another virus is masquerading as a Microsoft security update.

The virus, a mass-mailing worm variously dubbed I-Worm.Gibe, W32/Gibe@mm, WORM_GIBE.A, etc., does not carry a destructive payload, but is capable of installing a backdoor Trojan which allows remote access to an infected system.

Gibe arrives as an attachment named Q216309.exe to a message that begins:

From: Microsoft Corporation Security Center
mailto:rdquest12@microsoft.com]
To: Microsoft Customer
Subject: Internet Security Update
Attachment: q216309.exe

Microsoft Customer,

this is the latest version of security update, the update which
eliminates all known security vulnerabilities affecting Internet
Explorer and MS Outlook/Express as well as six new
vulnerabilities, and is discussed in Microsoft Security Bulletin
MS02-005. Install now to protect your computer from these
vulnerabilities, the most serious of which could allow an
attacker to run code on your computer.

The message then goes on to describe the vulnerabilities the worm purports to correct.

The worm, written in Visual Basic, uses Microsoft Outlook and its own SMTP engine to spread. When Q216309.exe it creates two copies of itself, drops the component which uses Outlook and SMTP to spread, creates a Backdoor Trojan that opens port 12378, creates a data file that it uses to store all e-mail addresses it finds, and creates another component that searches for e-mail addresses from the Outlook Address Book and all addresses found in .htm, .html, .asp, and .php files. Once the final component has those e-mail addresses, it writes them to the data file.

Finnish security firm F-Secure Corp. said Wednesday that victims can get rid of the worm by deleting all its components from an infected system. It noted that if some components are locked while Windows is active, they have to be deleted from pure DOS or renamed with a different extension with immediate system restart.

***************************

W32.Myparty@mm is a mass-mailing email worm. It has the following characteristics:

Subject: new photos from my party!
Message:
Hello!

My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!

Attachment: www.myparty.yahoo.com

The worm sends email to all contacts in your Windows address book, and to email addresses that if finds in the Outlook Express Inboxes and folders.

In addition, the worm sends a message to the author so that the author can track the worm.

On NT/2000/XP systems, the worm drops a backdoor Trojan that allows a hacker to control your system. NAV will detect this as Backdoor.Myparty.

There is also a  "B" version of this virus....

*************************************************************

W32.Maldal.C@mm (W32.Zacker.C@mm, W32.Reeezak.A@mm), is a mass-mailing worm that is written in Visual Basic. The worm uses Microsoft Outlook to spread its infection. It also modifies your Internet Explorer home page.

The Email contains the text....

Hii
I can't describe my feelings
But all i can say is
Happy New Year :)
bye

Do NOT open the attachment as this virus can also
overwrite files with the extensions:
.lnk, .zip, .jpg, .jpeg, .mpg, .mpeg, .doc, .xls, .mdb, .txt, .ppt, .pps, .ram, .rm, .mp3, .mdb, or .swf

For more info:

http://www.sarc.com/avcenter/venc/data/w32.maldal.c@mm.html

*************************************************************

w32.goner.a@mm.htm  is a virua which can delete your files !!!!   It comes as an attachment to an email with the subject:   "Hi".  The attachment is   "Gone.scr"   

This virus can also come via ICQ  and also uses  MIRC chat chanels. 

For more info:

http://www.sarc.com/avcenter/venc/data/w32.goner.a@mm.html

***************************************

W32.Badtrans.B@mm is a  worm that emails itself out as one of several different file names.
This worm also drops a backdoor trojan that logs keystrokes.
Discovered  24/11/2001.

Once again we must stress NOT to open email attachments with strange names eg:
HUMOR.doc.pif
DOCS.zip.scr

For more info on this virus:  http://www.sarc.com/avcenter/venc/data/w32.badtrans.b@mm.html

***************************

Also, the    W32.Aliz. Worm  is becoming very prominent again.
When the worm arrives by email, the worm uses a MIME exploit allowing the virus to be executed just by reading or previewing the file. There is a patch available from Microsoft, or upgrade your browser/mail to IE6/Outlook Express 6 .

For more info:  http://www.sarc.com/avcenter/venc/data/w32.aliz.worm.html

 

.......  the Spiderweb team
 

Spiderweb Home Page