Beware New Virus
Some dumb shit sent me a 4.18 meg file so I had to forward it to another free web email, since I can't receive large files on my dial up. I figured it was just another on cable who assumes everyone has cable.
But it's a virus. Others have received similar so you all need to be warned.
Here is the email:
Adam Cohen <acohen1@speakeasy.net>
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
the attachment read: Clad20FULL.zip
here's the virus results using yahoo's online norton virus scan:
Virus W32.Sircam.Worm@mm found. File NOT cleaned.
This file contains a computer worm, a program that spreads very quickly over the Internet to many computers and can delete files, steal sensitive information, or render your machine unusable.
This attachment has a virus that may infect your computer. It cannot be cleaned.
We recommend that you DO NOT download this attachment.
Yep, this sucker is spreading like crazy, I just can't wait for that phone call from one of the users at work that 'inadvertently' downloads that attachment - of course all after I have already warned them about it on Friday.
One thing everyone needs to know; the subject line is selected at random, so don't think this is one that only uses this one subject line. Some start with "Thank you" and "Hi how are you?" and there are a number of others. Also, the attachment may also be randomly picked from one of the documents on the infected computer - so watch out!!!

- Coldfusion
- Senior Member
- Posts: 176
- Joined: Wed Nov 22, 2000 8:34 pm
- Location: The USA
For those of you running Win2K running IIS, there's a nasty little virus hitting many machines out there now (some of you in IT may already know about this)
It's called "Code Red" or bady.worm or IDA. There's a patch on MS's website for this. Many people (and companies) don't know about the virus or patch yet, so they are very vulnerable, and many companies have been hit in the past week (ironically, the virus hit microsoft's own sites as well).
Oh boy!
I believe the Sircam virus actually infects the address book and begins sending it out. (blade, so don't go and kill your friends... wait, what am I saying! burn em all) so if you have a close little clique, I would imagine that the virus will begin to send itself around your group (which is why dumb office environments rule! <-- note sarcasm) if everyone is infected. As for the red worm, fun, nuf said.
methinks if you head over to symantec.com right now, they are both heavy hitters right now and both are front page material for the sym doods.
the Sircam may also look like this:
Subject: Document file name (without extension)
From: [user_of_infected_machine@prodigy.net.mx]
To: [random@email.from.address.book]
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
see more here: http://www.tech-gods.com/#2599 hahahah sorry blade, had to plug my page.lol
Stay here, I'll kill you later...
I received this email and attachment in my excite email account. I read the message but deleted it without opening the attachment. So my laptop should be safe?
-
- Posts: 601
- Joined: Mon Nov 27, 2000 9:09 pm
- Location: Brooklyn
Exactly, do NOT open it. Delete it from your system pronto and you should be ok.
To stop the scripting viruses (called vb scripts) bonkers mentioned just remove that capability and you'll be safe. They open as soon as you open the message unfortunately while the one I received you have to open the attachment to get infected.
To remove vb scripting go to "add-remove programs". Click on "windows setup", double click "accessories" and UN-check "Windows scripting host". Click "ok" till you are all out of it and then, bingo. vb viruses can't harm you.
But again, the ones I received you have to actually open the attachment to get infected. Just delete those.
Someone look at this letter I got:
Link to the image
What is it? Is it something bad or just SPAM? If it's nothing, then that's cool. I don't know too much about this.
Heatware Evals Beerology Evals
Liquor before beer, never fear!
Yes, budweiser made Bud wiser, but bud light made Bud lighter!
yup this dope tried with me too:
Received: from chimta02 (chimta02.algx.net [216.99.233.77])
by linkmybusiness.com (8.9.3/8.9.3) with ESMTP id NAA15786
for <csandoval@defconcorp.com>; Mon, 23 Jul 2001 13:31:08 -0700 (PDT)
Received: from marcs.bisnets.net ([64.48.246.210])
by chimmx02.algx.net (iPlanet Messaging Server 5.1 (built May 7 2001))
with SMTP id <0GGY0047O0ZN3H@chimmx02.algx.net> for csandoval@defconcorp.com;
Mon, 23 Jul 2001 15:31:05 -0500 (CDT)
Date: Mon, 23 Jul 2001 13:31:58 -0700
From: Marc Madison <madison@cts.com>
Subject: Recert
To: csandoval@defconcorp.com
Message-id: <0GGY0047P0ZN3H@chimmx02.algx.net>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Content-type: multipart/mixed; boundary="Boundary_(ID_S6npAcmDe+0C+m6XueVVQQ)"
X-UIDL: 4973d23cbba28c392440dca2657dc7b5
--Boundary_(ID_S6npAcmDe+0C+m6XueVVQQ)
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 7BIT
Content-disposition: messagetext
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
--Boundary_(ID_S6npAcmDe+0C+m6XueVVQQ)
Content-type: application/mixed; name=Recert.doc.lnk
Content-transfer-encoding: base64
Content-disposition: attachment; filename=Recert.doc.lnk
-
- Posts: 601
- Joined: Mon Nov 27, 2000 9:09 pm
- Location: Brooklyn
Blade, I got the same wording sent to me from a "Marilyn Burkett" (marilynburkett@hotmail.com)
"JFK-D2KB.zip.zlo"
"Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks"
Scumbags!
I didn't need a virus scanner to know what it was, fortunately. I did not open it.
I forwarded the email to abuse@hotmail.com and abuse@msn.com. Don't know if it will do any good.
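The attachment names reported in this thread (`Recert.doc.lnk` in the quoted message, `JFK-D2KB.zip.zlo` here) share a pattern a mail filter can check: a document or archive extension followed by a second extension. The Python below is an added example, not part of the original posts; the extension lists, the function names and the sample message (modelled on the one quoted above, with a placeholder boundary and body) are assumptions made for the illustration.

```python
import email

# Final extensions Windows runs or resolves; illustrative list, not exhaustive.
RUNNABLE = {"bat", "com", "exe", "lnk", "pif", "scr", "vbs"}
# Extensions a recipient reads as an ordinary document or archive (assumed list).
DECOY = {"doc", "xls", "zip", "txt", "jpg"}

def classify(filename):
    """Return a reason if a decoy extension is followed by another one, else None."""
    parts = filename.lower().split(".")
    if len(parts) < 3 or parts[-2] not in DECOY or parts[-1] in DECOY:
        return None
    if parts[-1] in RUNNABLE:
        return "runnable extension hidden behind ." + parts[-2]
    return "unexpected extension after ." + parts[-2]

def flag_attachments(raw_message):
    """Parse a MIME message and return [(filename, reason)] for flagged parts."""
    msg = email.message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts that carry no file name
        reason = classify(name) if name else None
        if reason:
            hits.append((name, reason))
    return hits

# Constructed sample modelled on the message quoted in the thread; the
# boundary and the base64 body are placeholders.
SAMPLE = """\
Subject: Recert
MIME-version: 1.0
Content-type: multipart/mixed; boundary="B1"

--B1
Content-type: text/plain; charset=ISO-8859-1

Hi! How are you?
--B1
Content-type: application/mixed; name=Recert.doc.lnk
Content-transfer-encoding: base64
Content-disposition: attachment; filename=Recert.doc.lnk

cGxhY2Vob2xkZXI=
--B1--
"""

if __name__ == "__main__":
    print(flag_attachments(SAMPLE))
```

A single-extension name such as `Clad20FULL.zip` passes this check, so it complements content scanning rather than replacing it.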
- Rayzor
- Senior Member
- Posts: 274
- Joined: Wed Nov 22, 2000 8:13 am
- Location: Bronx, New York (Home of the Pedro's Daddy! The NY Yankees)
- Contact:
I forwarded the email to abuse@hotmail.com and abuse@msn.com. Don't know if it will do any good.
Sup Steve,
Knowing the Schmucks at Microsoft, they'll probably incorporate it in the next version of WinBlowz

Heheh