Consumer Watch: Virus Alerts



-> See Real-Time Virus Activity Map

See the bottom of the left column for a list of top five viruses currently active as well as the top five virus advisories. These lists are updated in real-time by Trend Micro.

-> W32/SQLSlammer

Jan. 27, 2002: Last Friday, Jan. 24, around 9:30 PM, a new worm began causing denial of service attacks across the Internet. This worm took advantage of a security vulnerability in Microsoft SQL Server 2000. Microsoft issued a patch for the vulnerability six months ago, but many servers were not patched.

To reduce the potential for infection or attack, block UDP port 1434 at your routers.


-> W32.Nimda.A@mm

This worm is similar to Code Red, but it is not a variant of it. It spreads through e-mail attachments and infected web sites. The attachment is usually named README.EXE, and the link on an infected web page is also named README.

-> Win32.All3gro.A

A new worm pretends to be a tool for removing the SirCam, Badtrans, and PrettyPark worms, but it does not remove them completely. In addition, depending on the day of the week, it tries to delete documents or system files and then e-mails itself to people in your address book.

It arrives with a subject line of "New antivirus tool" and an attachment named "antivirus.exe".

-> Trojan.Offensive

This trojan uses an old bug in Microsoft's Java Virtual Machine to delete critical system files from your system. It arrives as an e-mail with a single hyperlink labelled "Start." All versions of Internet Explorer between version 3 and 5.5SP1 are affected.

-> Code Red II

Another worm that exploits the same security hole as the Code Red worm has appeared. This one opens a hole for others.


-> W32/Sircam Worm

On July 25, 2001, CERT issued an advisory for the W32/Sircam worm. This worm has been spreading wildly since July 17. The worm is contained within e-mail messages written in either English or Spanish. Once the worm has infected a system, it will copy itself into unprotected network shares. It will also send copies of itself via e-mail to everyone in your address books, attaching a random file from your computer's hard drive in the process. This worm hides itself in your computer's Recycle Bin. It may also fill your computer's C: drive, depending on the system date.


-> "Code Red" worm

On Friday, July 13, 2001, eEye Digital Security reported that a worm was spreading through the Internet by exploiting a security hole in the Microsoft IIS web server. It has become apparent that the worm's actions depend on the day of the month. On some days, it tries to spread to other hosts. On other days, it is either dormant or it attempts a denial of service attack on the web site for the White House. At least one variant also defaces the victim web site.


March 28, 2001: This virus can infect both Windows and Linux executable files. It does nothing other than try to infect as many files as possible.

(*)ZDNet: Experts debate severity of 'Winux' virus
(*)CNET News.com: Emergent virus can infect Windows, Linux

March 23, 2001: A worm that attacks Linux servers running certain versions of the BIND name server that contain security vulnerabilities. The defense against this worm is to make sure you have installed all available patches for BIND. This worm may mutate and run on other variants of Unix (since BIND is not specific to Linux).


(*)CNET News.com: "Lion" worm stalks Linux machines
(*)ZDNet: New 'Lion' virus on the loose

January 18, 2001: Another variant of the Melissa virus has appeared. The attachment purports to be a Macintosh-formatted Microsoft Office document.


(*)CNET News.com: Melissa variant spreads as Mac document

January 17, 2001: No, not the noodles. This is the Ramen worm. It uses several well-known vulnerabilities for which patches were released months ago, so it only infects systems where the patches have not been installed. It also only infects Red Hat Linux 6.2 and 7.0 systems, even though the vulnerabilities also exist on other Unix variants. On Red Hat 6.2, the worm looks for the vulnerabilities in the rpc.statd and wu-ftpd daemons. On Red Hat 7.0, it looks for the vulnerability in the lpd daemon. Once compromised, the victim server is used to scan other servers for these vulnerabilities and attack them.


(*)CNET News.com: Ramen Linux worm mutating, multiplying

(*)CNET News.com: Internet worm squirms into Linux servers

(*)CERT Coordination Center: Widespread Compromises via "ramen" Toolkit

(*)CERT Coordination Center: Widespread Exploitation of rpc.statd and wu-ftpd Vulnerabilities

