Rashes caused by Treatment of the Recent Rash of Viruses.

This forum is for the discussion of technology, computers, & problems relating to the web and your computer

Moderator: Scott Danziger

Post Reply
User avatar
Deep Sea
Posts: 1682
Joined: Sat Oct 19, 2002 6:01 am
Contact:

Rashes caused by Treatment of the Recent Rash of Viruses.

Post by Deep Sea »

I read somewhere yesterday concerning email being circulated offering programs to remove the new rash of viruses [worms, actually]. That article specifically states that much of that is hoax and that the applications you download to remove these new critters are actually the worms/virus/trojans themselves.

I'll see if I can find it today and post it, but the operative acronym in these cases is ABC.

BTW: Norton caught a bunch of them attempting to enter my system last week and this plus a number of back door trojans as well.
Always with an even keel.
-- Allen
User avatar
gmattson
Site Admin
Posts: 6069
Joined: Wed Sep 16, 1998 6:01 am
Location: Lake Mary, Florida
Contact:

mailblocks (for now) is the way to go.

Post by gmattson »

Since installing mailblocks, I have been saving over an hour a day screening my email. All email that comes from addresses not in my "approved" list, go into a "pending" file. Those email addressees get a reply from mailblocks, requesting a human response.(inserting numbers/letters that are shown in the email, into a form.) This process cannot (at least at this point) be done by a computer and therefore the email gets deleted after a few days.

Great system and one that should be encorporated into all email programs.
GEM
"Do or do not. there is no try!"
User avatar
Deep Sea
Posts: 1682
Joined: Sat Oct 19, 2002 6:01 am
Contact:

Post by Deep Sea »

Ain't that something, George, the new variety of email spam. So undecipherable that one must filter out everything and from that filter in only known addresses and/or known subject lines. This new generation of spam succeeds in getting past emailers.
Since installing mailblocks, I have been saving over an hour a day screening my email.
And we once thought computers would free up more time for other things, right?
Always with an even keel.
-- Allen
User avatar
Van Canna
Posts: 57244
Joined: Thu Mar 11, 1999 6:01 am

Post by Van Canna »

THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING


Two more worms spread across the Internet
By Hiawatha Bray, Globe Staff, 8/20/2003

As computer networks worldwide recover from the effects of last week's Blaster worm assault, two more attack programs spread across the Internet yesterday. One of them, called Welchia or Nachi, purports to repair the computer security flaw that allowed Blaster to infiltrate thousands of machines. But in the process, Welchia can bring down corporate computer networks. The other worm, called SoBig, could turn home and business computers into relay points for unwanted Internet e-mail ads, or "spam."

Both of them underscore the relative ease with which vandals can bypass the security features found on millions of home and corporate computers. Industry experts warned yesterday that attack programs, sometimes called "malware," are becoming steadily more sophisticated and dangerous, forcing computer users to become more adept at protecting their machines.

The SoBig worm is the latest in a series of similar worms that have plagued computers running Microsoft Corp.'s Windows operating systems. But the latest version, called SoBig.F, has some menacing new features.

When it infects a machine, SoBig scans a variety of data files, searching for e-mail addresses. It then mails copies of itself to these addresses. The mail messages feature a variety of subject lines chosen at random, such as "Wicked screensaver," "Thank you!" or "Your Details," They also include an attached file. Activating this attachment will infect the computer, which will then try to infect more machines.

If a SoBig-infected machine is connected to a corporate computer network, the worm will infect any other machines on the network that are set to allow the sharing of data files. SoBig is designed to deactivate itself automatically on Sept. 10.

So far, this malware is similar to earlier versions of SoBig. But Vincent Weafer, senior director of the security response team at antivirus software maker Symantec Corp., said the new version plants a "Trojan horse" program on the computers it infects to let the originator of the worm secretly send e-mail messages through infected machines. Symantec researchers say that the creator of SoBig has used the Trojan feature to steal personal information from infected computers, and to relay spam.

Weafer warned that the same method could be used to plant even more dangerous Trojans, including programs that could launch crippling attacks on other Internet computers.

"Once you have a backdoor Trojan installed on your machine," said Weafer, "technically anything is possible."

Symantec and other antivirus software makers received hundreds of reports of SoBig infections yesterday, but experts said this worm should spread more slowly than last week's Blaster worm, which is still infecting thousands of computers worldwide. SoBig is only spread via e-mail, and only infects users who click to activate the attached file. Blaster attacked any Internet-connected computer that lacked the correct antivirus patches and firewall settings, and it spread automatically, with no need of assistance from a careless computer user.

SoBig's creator was clearly up to no good. But the Welchia worm may be a misbegotten effort to protect people from the Blaster worm. This program spreads through networks afflicted with the same security flaw that Blaster exploited -- a weakness in several versions of Microsoft Corp.'s Windows operating system.

But Welchia actually repairs the flaw once it has infected the machine. It then uses the infected computer to look for other vulnerable machines. It's this effort to find other machines to infect that makes Welchia so troublesome. The worm sends out so many search messages that the traffic can overwhelm normal network communications.

Indeed, the Reuters news agency reported yesterday that computers at Air Canada's telephone call center and passenger check-in counters were crippled by the Welchia worm.

Fortunately, the same measures that protect computers against the Blaster worm will work against Welchia. Symantec and other antivirus companies offer detailed instructions on their Internet sites. In addition, major antivirus companies have offered updates that will filter out the new SoBig worm. Microsoft also offers specific technical advice on its website for protecting home and office computers against worms and viruses.

Like nearly all common malware, the two new worms only attack computers equipped with Microsoft operating systems. But Ken Dunham, malicious code intelligence manager for data security company iDEFENSE Inc. in Reston, Va., said it's unfair to assign too much blame to Microsoft for the attacks.

"It's not like they're the bad guys," Dunham said. He noted that Microsoft has moved quickly to report on security flaws like the one that made Blaster possible, and to offer repair patches for them. But because there are hundreds of millions of Microsoft-based machines in the world, said Dunham, it will take a long time to upgrade security on all of them.

The new worms also demonstrated the need for home computer users to use firewall programs to protect their machines. Both SoBig and Welchia communicate over data networks using special communications services or "ports" that are not normally used by legitimate network traffic. A properly configured firewall can prevent a Welchia infection. A firewall-equipped machine could still be infected with SoBig, but the firewall would prevent the worm from installing a Trojan program on the computer.

Setting up a firewall can require a more sophisticated understanding of computer networks than most home users possess. Nevertheless, Ken Dunham of iDEFENSE said that they would have to make the effort. "Basic security now is not just updated antivirus," said Dunham, "but you definitely have to have a firewall."
Van
User avatar
Deep Sea
Posts: 1682
Joined: Sat Oct 19, 2002 6:01 am
Contact:

Post by Deep Sea »

THAT's where I read the article.

Last week I cut something out of the Pawtucket paper that showed how to get rid of the worm and protect your pc.
Always with an even keel.
-- Allen
Post Reply

Return to “Computer & Web Tech Help”