Post by Jacobthehero on Feb 1, 2005 20:34:45 GMT -5
DO NOT GET THIS VIRUS OR OPEN IT

Based on numerous reports from messers, a new virus seems to be propagating itself rapidly through MSN Messenger.
F-Secure identifies the worm as Bropia.A; other antivirus software (including Kaspersky) labels it IM-Worm.Win32.VB.a.
When received and executed by the victim, the worm places itself in the C: directory with a random filename like:
sexy_bedroom.pif, drunk_lol.pif, naked_party.pif, webcam_(random number).pif, love_me.pif, and similar-looking names.
It then automatically sends itself to active MSN Messenger contacts. It also drops and executes oms.exe, a variant of Rbot, which copies itself as lexplore.exe and adds two registry keys so it will be executed at next system startup. The bot can be used as a backdoor, for logging keystrokes, relaying spam and various other purposes, and is therefore a huge security threat to your system. Bropia.A can also disable the right mouse button and manipulate Windows mixer volume settings.
If you receive a file transfer request for such a file, press ALT-D or click Decline. Don't ever execute the file. If you did, delete the file immediately and permanently from your system (My Received Files and C: drive) and take necessary security measures. For more information, visit F-Secure.
I did have a warning for you! It's a real virus.
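The post above gives enough detail to write a simple host check for the indicators it names. The following is an added example, not code from the thread, F-Secure or any vendor tool: it scans a directory listing and a set of autorun registry values (both constructed here so it runs offline) for the .pif droppers, the dropped oms.exe, and an autorun entry that launches lexplore.exe. The post only says "two registry keys"; the HKLM/HKCU Run keys used below are an assumption about where such a bot would persist, and the value name "Microsoft Update" in the sample data is made up.

```python
"""Host indicator check for the Bropia.A / Rbot behaviour described in the post.

Added example, not from the original thread or any vendor tool. Inputs are a
directory listing and autorun registry values, both constructed here.
"""
from __future__ import annotations
import re
from typing import Iterable

# Filenames quoted in the post; "webcam_(random number).pif" becomes a regex.
DROPPER_NAMES = {"sexy_bedroom.pif", "drunk_lol.pif", "naked_party.pif", "love_me.pif"}
WEBCAM_PATTERN = re.compile(r"^webcam_\d+\.pif$")
# oms.exe is the dropped bot; lexplore.exe (lower-case L) masquerades as iexplore.exe.
BOT_FILES = {"oms.exe", "lexplore.exe"}

# Assumed persistence locations: the post does not name the two keys.
RUN_KEYS = (
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
)


def basename(path: str) -> str:
    """Last path component, accepting either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def suspicious_files(paths: Iterable[str]) -> list[str]:
    """Return paths whose basename matches a dropper or bot filename."""
    hits = []
    for p in paths:
        name = basename(p).lower()
        if name in DROPPER_NAMES or name in BOT_FILES or WEBCAM_PATTERN.match(name):
            hits.append(p)
    return hits


def suspicious_autoruns(entries: Iterable[tuple[str, str, str]]) -> list[tuple[str, str, str]]:
    """entries are (key, value_name, command); flag Run-key commands that launch a bot binary.

    Only the Run keys are inspected because the post describes startup persistence;
    a legitimate iexplore.exe entry must not match.
    """
    hits = []
    for key, value_name, command in entries:
        if key not in RUN_KEYS:
            continue
        parts = basename(command.strip('"')).split()
        exe = parts[0].lower() if parts else ""
        if exe in BOT_FILES:
            hits.append((key, value_name, command))
    return hits


def scan(paths: Iterable[str], autoruns: Iterable[tuple[str, str, str]]) -> dict:
    files = suspicious_files(paths)
    runs = suspicious_autoruns(autoruns)
    return {"files": files, "autoruns": runs, "infected": bool(files or runs)}


# Constructed sample data (not captured from a real machine).
SAMPLE_LISTING = [
    r"C:\boot.ini",
    r"C:\sexy_bedroom.pif",
    r"C:\webcam_48213.pif",
    r"C:\Program Files\Internet Explorer\iexplore.exe",   # legitimate, must not match
    r"C:\WINDOWS\system32\lexplore.exe",
    r"C:\Documents and Settings\user\My Documents\My Received Files\drunk_lol.pif",
]
SAMPLE_AUTORUNS = [
    (RUN_KEYS[0], "Microsoft Update", r'"C:\WINDOWS\system32\lexplore.exe"'),  # assumed value name
    (RUN_KEYS[1], "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    (RUN_KEYS[0], "IE", r'"C:\Program Files\Internet Explorer\iexplore.exe" -nohome'),
]

if __name__ == "__main__":
    for k, v in scan(SAMPLE_LISTING, SAMPLE_AUTORUNS).items():
        print(k, v)
```

On a live machine the listing would come from the root of C: and My Received Files, and the autorun entries from the two Run keys; the matching logic is the same.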
Post by Gene L.D. Ryoko on Feb 1, 2005 21:53:56 GMT -5
Wow, that sounds scary. *brain explodes*
tub uoy dias oot hcum. (read the words backwards)
Post by Yoshiken on Feb 2, 2005 10:12:13 GMT -5
Speaking of viruses... I heard they caught the guy that made the Blaster worm and stuff.
Post by PinkFloydYoshi on Feb 2, 2005 16:58:28 GMT -5
Speaking of viruses... I heard they caught the guy that made the Blaster worm and stuff.

At last. No more outbreaks of it. The fool kept changing the filename of the virus and it'd reinfect machines. First it was msblast.exe, then it was changed to mslaugh.exe. It infected a friend's computer twice. He wondered why there was so much traffic coming in and out from the net because of both these malicious files. Regardless of having no protection apart from 2 Windows Firewalls, I never got it, or any other virus. Reinstalling Windows every 30-60 days helps.
Post by Darkmark on Feb 2, 2005 17:59:46 GMT -5
Here's a hint. Don't open e-mail attachments from people you don't know! Don't accept random files from people you don't know, and don't go to random sites downloading stuff off of them. If you get a download window when you didn't click a download link, don't accept the file.
In short, please engage your common sense before connecting to the internet.
Post by Lazo on Feb 3, 2005 0:07:39 GMT -5
Using common sense, it's like this:
Step 1. Stop being stupid. Step 2. Problem should solve itself. If problem hasn't been solved, then you have not yet completed step 1.
Post by PinkFloydYoshi on Feb 3, 2005 9:07:06 GMT -5
A lot of them don't even require that, though. If you're not firewalled, your file sharing port, or even Internet Explorer, will let them in. No user intervention necessary. That's how Blaster got around.
Post by Rainbow Yoshi on Feb 3, 2005 19:39:15 GMT -5
Hmm... I used to have lexplore.exe before I fixed my computer...but I don't ever recall accepting anything from MSN Messenger...oh well, it's gone now.
Post by Soul on Feb 4, 2005 4:39:21 GMT -5
My god, another "new virus" thread?? Do you guys know how many viruses are discovered daily? I think I'm going to have to lock this topic; it merely makes people worry about "just 1" of the dozens of viruses discovered every week: securityresponse.symantec.com/avcenter/vinfodb.html#threat_list

Hardly. Viruses are constantly being reverse-engineered and edited to have a different code structure, which means that the new "mutations" of the virus can bypass antivirus signatures of the previous virus. This is why it's not unusual to find there are so many variants of the same virus. www.webactivemagazine.co.uk/news/1155010

And this should clearly give all of you the message that an antivirus program will NEVER stop all malicious software. Any programmer can make an evil program and keep it in secret (i.e. installing it only on select machines) and the antivirus programs on those machines will never know it's a virus UNLESS the guys that make the virus definitions for those programs get hold of a copy of that new virus.

The person who got jailed for writing blaster.b was a n00b programmer kid that obtained the source code of the original msblast virus. All he did was alter it a little and redistribute it. (The person that wrote the original was a skilled programmer who was never caught.) When I read his story I couldn't actually believe how incredibly stupid this kid had been; did you know he was using his homeserver to spread it? No wonder he got caught!! And the other virus writer who got jailed last year, a teenage German boy (I think his name is Kasper?), was caught because he was turned in by a person who knew him (Microsoft had offered a bounty for him, something like $200,000, which had never been done before). This guy wrote several important viruses, like Sasser, Netsky (which by the way was written to do something funny with a computer's board beepers on a certain date), etc.
This kind of virus exists mainly because of Microsoft being so stupid as to leave open ports by default that accept remote commands on client computers (such as the useless RPC service, & lsass.exe), services which were EASILY hacked using buffer overflows. And by the way, you can't turn off or delete these services or else your system crashes. ¬¬ I am most certain that changes have been made to these services in Windows XP Service Pack 2.
Exactly! To be a little more specific, STOP opening every file with an executable extension that comes your way! People are like "Duhh, I wonder what this MS-DOS batch file that I got in my email does..." Don't wonder. Just delete it. Same with files with extensions like .scr, .cpl, .exe, .vbs, .pif, and .bat (batch file). There may be more that I forgot about.
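Soul's list of extensions is a fixed table, but the reason people still double-click these files is that Windows Explorer hides known extensions by default, so "party_photo.jpg.pif" is shown as "party_photo.jpg". The following is an added example, not code from the thread: it triages a received filename using the extensions named in the post plus a few more (.com, .js, .jse, .vbe, .wsf, .hta, .lnk, my additions), and reports when an executable is dressed up with a harmless-looking inner extension or padded with spaces so the real extension scrolls out of view.

```python
"""Triage for a filename arriving by e-mail or MSN file transfer.

Added example, not from the original thread. The extensions marked 'listed in
the post' come from Soul's message; the others are my additions.
"""
from __future__ import annotations
import os

EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".cpl", ".vbs", ".pif", ".bat",            # listed in the post
    ".com", ".js", ".jse", ".vbe", ".wsf", ".hta", ".lnk",     # added here
}
# Extensions a user would not expect to run code.
HARMLESS_LOOKING = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt",
                    ".doc", ".pdf", ".mp3", ".wav", ".zip"}


def real_extension(name: str) -> str:
    """The extension the shell actually dispatches on: the last one."""
    return os.path.splitext(name.strip())[1].lower()


def explorer_display_name(name: str, hide_known_extensions: bool = True) -> str:
    """What Explorer shows with the default 'Hide extensions for known file types'.

    Only the final extension is hidden, so 'party_photo.jpg.pif' displays as
    'party_photo.jpg'. Unknown extensions are always shown.
    """
    if not hide_known_extensions:
        return name
    base, ext = os.path.splitext(name)
    if ext.lower() in EXECUTABLE_EXTENSIONS | HARMLESS_LOOKING:
        return base
    return name


def triage(name: str) -> tuple[str, str]:
    """Return ('decline' | 'ok', reason) for a received filename."""
    ext = real_extension(name)
    if ext in EXECUTABLE_EXTENSIONS:
        shown = explorer_display_name(name)
        # Inner extension after stripping padding spaces ('report.txt      .exe' trick).
        inner = os.path.splitext(shown.rstrip())[1].lower()
        if inner in HARMLESS_LOOKING:
            return "decline", f"executable {ext} disguised as {inner}; Explorer shows it as {shown.rstrip()!r}"
        return "decline", f"executable file type {ext}"
    return "ok", f"extension {ext or '(none)'} is not an executable type (still scan it)"


if __name__ == "__main__":
    for n in ["sexy_bedroom.pif", "party_photo.jpg.pif", "report.txt                .exe", "holiday.jpg"]:
        print(f"{n!r:40} shown as {explorer_display_name(n)!r:30} -> {triage(n)}")
```

The rule of thumb from the post survives unchanged: decide on the last extension, not on what the file browser shows.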
Post by PinkFloydYoshi on Feb 4, 2005 10:11:10 GMT -5
People probably do, but it's informative, and it tells people that their anti-virus should be updated/take precautions to not get the virus. Soul's right though. On my estimate, over 40 different viruses are found daily. It's silly, the production rate of the blasted things. Hopefully, I'm a little more immune now I run Linux. Gotta figure out how to install this darn tcl/tk thing.

Windows 2003 doesn't, and that costs over 300 British pounds (~$600). It's still unbelievably insecure until it's updated though...

I'd give you a program I found on an old machine, but it runs far too fast on early 486's. You need an 8086 in order for it to run at the right speed. It's rather funny though. That too makes noises come out of the system board speaker.

Agreed. If you notice strange activity on your system, you're not protected. Go over to www.trendmicro.co.uk, click 'Personal' then click 'HouseCall'. Then give your machine a sweep using it. Select the drives and click Scan. It's as simple as that.

Personally, I think it's very informative that someone's taking into consideration the board members' machines' security. Means people continue to post and not die immediately without any hint they were leaving.
Post by Soul on Feb 5, 2005 0:58:02 GMT -5
I highly doubt it...

Yes, but Windows 2003 is not a client OS.

Believe it or not, I do have an 8086 here. It's an IBM PC XT from 1981. Still works!! My parents purchased it in 1990 to use for their business. They still used it up to about 2 years ago! It has a 10MB hard disk and runs MS-DOS 3.1 (I think, it's been years since I last used it).

This may only remove some of the current threats on people's computers, but it won't prevent re-infection. The only way to prevent it is to educate the user... or to set up strict system permissions on their user accounts.

I don't use an antivirus, for several reasons:
1. No virus has ever been able to bypass my precautions and infect my system.
2. It will erase my "virus zoo".
3. It will reduce system performance and increase boot time substantially.
4. It will constantly "babysit" me by nagging to make a full system scan or update definitions every once in a while (Service Pack 2 has given me enough of that).
Post by PinkFloydYoshi on Feb 5, 2005 10:07:12 GMT -5
It's true that not enough people know; even worse, not that many people know what a lot of them can do. People who aren't computer literate (and I've noticed this during the time I've worked with other people on stalls) always over-react when the newer virus comes out, without knowing its capabilities. I saw one that just put a message on the screen asking the user a rather obscene question, and each time you tried to hover your mouse over No, the word would shoot over to the other side of the screen. The user is forced to click Yes and then it comes up with something along the lines of "ha ha! you have no" and I'll let you imagine what comes next...

Yeah, but that's where the stupidity comes in. They work on 2003's security so much more than the client OSes. Now, at complete install, Sound, Themes, WIA (Windows Image Acquisition), IMAPI CD Burning and other services are disabled by default. This obviously isn't the way to go for the client OS, but there's so much more that's been done. Better internet security (Internet Explorer Enhanced Configuration - prevents sites from being seen until they're added to a 'trusted sites' list). That only works in IE though, because it doesn't throw a wobbly when Firefox tries to go to a site. And it's only on the server (yes, it took me a mere week to figure it out after the block I imposed on Busted's website didn't work). I wasn't a happy bunny, using my internet to visit that. Geez.

Heh, I might get the box down I think. Mind you, I'll be revelling in the projects I did in QBasic. Wow, takes me back. I'll send you some of those too if you want. See what I did in my QBasic classes at college. I know one project was dubbed by me and a friend as 'the ultimate operating system', although it was command line based, heh. I called it 'domesdos'. I wanted to burn it onto CD and have the comps' keyboards taken away from all the machines in the one room, and have our class sellotape the mice to the back of their heads.
Makes you wonder what exactly we did during college, eh?

Neither have I, quite honestly. I don't use anti-virus stuff either. I have a Windows 2003 server blocking the way, as well as having BlackICE Server Protection installed. Then there's the Red Hat 9 firewall on this machine. Virus zoo? lol. I have a test virus (which does nothing; tests to see Anti-Virus Software's working - it's downloadable from Symantec), and a directory labelled viruses, but it only contains how to get rid of the viruses, manually.

Yeah, HouseCall doesn't provide a permanent solution, but it gets you in the clear, until you download yet another virus onto the machine. A little caution to those of you that have trouble running HouseCall. Some viruses will try to defend themselves, and disable access to certain sites, and even disable you from installing or running anti-virus software. From that point on, the best way to do it is to learn to manually remove them. There are documents provided by Microsoft themselves on how to do this. Luckily, I've never had to do virus removal on this comp. I've had to manually remove 40-odd from a friend's though.

Really, this could turn into a little informational thread to educate the board users as to how many and what the worst viruses can do. It might even stop other threads like this cropping up. One virus I saw replaced the first character of a partition with 0 and made the whole partition disappear. The way to get round it was to open up a disk editor in DOS and find the rogue 0. I'd rather that not happen on either of my 80Gb drives, so storing viruses with my trigger-happy attitude is out of the question, heh. Windows is on the 40Gb so I don't care about that, heh.
Post by Soul on Feb 5, 2005 19:06:26 GMT -5
I have all of my viruses with an extension of .vir, so that they can't be opened accidentally. They're just mere inert files, waiting to be examined the day I learn how to de-compile them... of COURSE just for educational purposes.

Here's a wav showing Netsky's "mischievousness": img.2yr.net/W32.Netsky.C.wav

And here's an interesting file... It's an email that uses the MIME/IFRAME exploit to open itself automatically. I've replaced its viral MIME code with a harmless ssb mp3, so it's safe to play around with. Opening it with Notepad reveals its secrets. This will open itself on all Windows systems (doesn't matter if they're patched or not) except in XP SP2. All it needs is to be inside a folder with 'web-page' view (it opens when it's selected). Note: save it with "Save Target As": img.2yr.net/me-abro-solo.eml

Computer security is one of my main fields of interest.
Post by Jacobthehero on Feb 6, 2005 14:10:07 GMT -5
Post by Soul on Feb 6, 2005 16:08:11 GMT -5
Why not?? It's just a wav file. Are you scared of the filename or what?
Post by Jacobthehero on Feb 6, 2005 19:43:15 GMT -5
That file name.
What is this?
Post by Soul on Feb 6, 2005 20:41:02 GMT -5
It's the sound that the Netsky virus makes using the board beepers.
Post by PinkFloydYoshi on Feb 9, 2005 1:00:03 GMT -5
Holy beach parties. I love Windows 2003. img135.exs.cx/img135/7267/ahh8dd.jpg

Just goes to show, even 2003's firewall lets certain things in, and I don't even use this gateway to surf the net! That exe must be the virus...
Post by Soul on Feb 9, 2005 20:03:19 GMT -5
The firewall that comes with the Windows NT family of OSes (NT/2000/XP/2003 Server/etc.) has always been regarded as a very weak firewall. 3rd-party firewalls remain a must. I don't trust software firewalls much, but I love routers. Make sure that your firewall is also blocking ports commonly used for file sharing, RPC, and NetBIOS, like ports 135, 445, 139, etc. If it is not, then lots of things can get in through those open ports. If you had a router between your LAN and the internet, there would be no problem leaving those ports open (and you would be able to share files and printers securely) because the incoming connection requests that the router receives are never forwarded to any PCs in the LAN, unless the router is specifically configured to do so (like I did with mine to forward ports 20, 21 and 80 to my homeserver).
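The mechanism Soul describes is the NAT state table: an inbound packet is delivered to a LAN host only if it answers a connection that host opened, or if an explicit port-forward rule exists; anything else has nowhere to go and is dropped. The following is an added example, not code from the thread or from any router firmware: a minimal stateful NAT model with Soul's forwards (20, 21 and 80 to the homeserver, from the post), a worm probe to port 445 arriving on the WAN side, and a host-firewall check for the ports the post says must be blocked. The IP addresses and the "homeserver" LAN address are constructed.

```python
"""Why a NAT router shields LAN ports 135/139/445. Added example, not from
the original thread. Addresses are constructed (RFC 5737 documentation ranges).
"""
from __future__ import annotations
from dataclasses import dataclass, field

WAN_IP = "203.0.113.7"        # router's public address, constructed
HOMESERVER = "192.168.1.10"   # Soul's homeserver, address constructed
CLIENT = "192.168.1.20"       # an ordinary LAN PC, constructed

# Ports named in the post: RPC endpoint mapper, NetBIOS session, SMB over TCP.
FILE_SHARING_PORTS = {135, 139, 445}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    wan_ip: str
    port_forwards: dict[int, str] = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port, remote_ip, remote_port)
    table: dict[int, tuple[str, int, str, int]] = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a LAN-originated packet and remember the mapping for replies."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[wan_port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> tuple[str, Packet | None]:
        """Decide the fate of a packet arriving on the WAN interface."""
        entry = self.table.get(pkt.dst_port)
        if entry and (pkt.src_ip, pkt.src_port) == (entry[2], entry[3]):
            # Reply to a connection a LAN host opened: untranslate and deliver.
            lan_ip, lan_port, _, _ = entry
            return "reply", Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        if pkt.dst_port in self.port_forwards:
            # Explicitly configured exposure (Soul's 20/21/80 -> homeserver).
            target = self.port_forwards[pkt.dst_port]
            return "forwarded", Packet(pkt.src_ip, pkt.src_port, target, pkt.dst_port)
        # Unsolicited connection request with no rule: no LAN host to send it to.
        return "dropped", None


def exposed_ports(listening: set[int], blocked: set[int]) -> set[int]:
    """Host-firewall view for a PC plugged straight into the modem."""
    return listening - blocked


def demo() -> dict[str, str]:
    router = NatRouter(WAN_IP, port_forwards={20: HOMESERVER, 21: HOMESERVER, 80: HOMESERVER})
    # 1. LAN client browses out; the router creates a translation entry.
    out = router.outbound(Packet(CLIENT, 1234, "198.51.100.5", 80))
    # 2. The web server answers to the mapped port: delivered back to the client.
    reply_verdict, reply = router.inbound(Packet("198.51.100.5", 80, WAN_IP, out.src_port))
    # 3. A worm scanning the Internet hits 445 on the WAN address: dropped.
    worm_verdict, _ = router.inbound(Packet("192.0.2.99", 3456, WAN_IP, 445))
    # 4. Someone connects to the forwarded web port: reaches the homeserver.
    http_verdict, fwd = router.inbound(Packet("192.0.2.50", 5000, WAN_IP, 80))
    return {
        "reply": reply_verdict, "reply_target": reply.dst_ip,
        "worm": worm_verdict,
        "http": http_verdict, "http_target": fwd.dst_ip,
    }


if __name__ == "__main__":
    print(demo())
    # An XP box on a USB modem with nothing blocked: all three ports reachable.
    print(sorted(exposed_ports(FILE_SHARING_PORTS | {3389}, set())))
```

The same table also explains the DMZ Host setting mentioned later in the thread: it is a catch-all forward rule, so the host named there loses exactly this protection.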
Post by PinkFloydYoshi on Feb 9, 2005 20:37:43 GMT -5
Hardware router/firewalls are great. It's just not many are within my price range that successfully work with AOL. I've got a Linksys BEFSR41 cable/DSL router that does NAT, and has AOL parental controls in its settings. It's just that in order to use it, I need another modem that has an RJ45 socket on it. Silly really.

Since I reinstalled the server, BlackICE hasn't been reinstalled because I honestly couldn't be bothered. Yep, laziness has set in. This USB modem will do me. Just not many providers today cater for Linux, so the gateway will stick as a Windows system, and will be reboxed at some point in my next hardware project: converting an Xbox console into an internet gateway. Seeing that George Foreman Grill having a PC motherboard in was quite funny. www.mini-itx.com/projects/igrill/

Red Hat 9 is good, until it started asking me to pay for software updates. I wasn't best happy. Next to try is SuSE 9, once I have it.

Hmm, I would rather it not be us two (me and Yoshi Soul) taking up an entire thread. It'd be grand if everyone chipped in. Hmm. Anyone like hardware projects? www.mini-itx.com/projects/animalsnes/

Edit: Oh, you've edited your post... Will include new details briefly. That's something to do with NAT, isn't it? I think this Linksys does that. There's also a bunch of other settings I have no clue about. One being DMZ Host. wtf? heh